How does app signing work?

RandomByte

As far as i know developers upload their singing key to google play so that google can then sign the apps for them. Why? Wouln't it be safer if the developers kept the private signing key actually private? Does this mean that Google could for example sign a malliciously modified version of signal and then pulblish it unnoticed?
Thanks.

AcidDemon

RandomByte
Maybe this can shine some light on this topic

https://source.android.com/docs/security/features/apksigning

other8026

RandomByte Can Google make changes to apps if they're the ones who sign them? Yes. Do they? I'd have to say no. I have never heard of Google making changes to an app. They'd likely be caught if they did.

Keep in mind Google can already get plenty of information from phones running the stock OS.

I'd look into code transparency and reproducible builds as two ways to verify apps aren't tampered with.

yellow-leaves

This is my understanding of app signing as it pertains to the Google play store

Android uses Public-key cryptography for app signing.
It used to be the case that all developers kept there own signing keys, but nowadays all new apps are required to utilize something google calls Play App Signing.

This means that developers no longer hold there own signing keys, instead apps gets temporarily signed with an upload key by the developer before being uploaded to google.
Once the app is uploaded to google, google replaces this key with with one of there own signing keys before delivering the app to end users.

The old way of signing app where developers kept there own signing keys
https://developer.android.com/studio/publish/app-signing#opt-out

Play app signing
https://developer.android.com/studio/publish/app-signing#enroll