> With Play App Signing, Google manages and protects your app's signing key for you and uses it to sign optimized, distribution APKs that are generated from your app bundles
There is no meaning of having a private signing key if is not private. Why does Google need me to upload a private key if they are then free to use it on their own?
Sure there is. You’re increasing the scope of the key to include a third party, but… it’s one that controls the OS, distribution channels, publishing platform, SDK, the tools used to publish APKs, even the device drivers on your phone.
If they want to maliciously modify the VLC apk, there isn’t anything you can do to stop them.
I think we all understand why Google might have a need to sign the binaries themselves. The point is that if they are creating binaries it should be signed by Google using a key uploaded by me it is just unnecessary.
There is no meaning of having a private signing key if is not private. Why does Google need me to upload a private key if they are then free to use it on their own?
https://support.google.com/googleplay/android-developer/answ...