0

We have several apps published on the Google Play store which are already signed by an Android Keystore / key alias. We want to share the keystore (or at least the alias) with a contractor who will help us improve in-app purchases for one of the published applications. Having the keystore will be very useful for this.

What are the security implications of this? We trust the contractor but want to know the worst-case scenario.

Andrew
  • I don't think this question belongs here, honestly. Try **Android Enthusiasts** instead. This has nothing to do with programming, unfortunately. – Vucko Jun 08 '16 at 22:17
  • Hi - I saw there were a lot of questions on the Android keystore here, so I thought this was the best community. Android Enthusiasts seems to be more for users of Android, not developers. (ex. http://stackoverflow.com/questions/4459719/android-i-lost-my-android-key-store-what-should-i-do) – Andrew Jun 08 '16 at 22:57
  • 1
    Well, this is just my opinion on the matter. I personally do not have anything against your question and I wish it were answered. But this seriously has nothing to do with programming; it is literally a business decision. – Vucko Jun 08 '16 at 22:59

2 Answers

1

If the user can have access to your Google Play account, he can release new versions of your app.

If you have tampering protection, he can easily bypass it.

You should consider at least these two scenarios.

Sandro Machado
0

It's also easier to reverse engineer your app.

Publishing an update could be terrible and you may lose reputation.

Alexandre Martin