App signing: iOS versus Android

Apple’s app signing process can be a real pain in the neck; nevertheless, it works to keep apps trusted. When you download a Bank of America app from iTunes, you know that it’s the real thing: the app comes from Bank of America.

Android, on the other hand, allows apps to be self-signed, which means no third party vouches for the identity named in the signing certificate. This is a fundamental flaw: an Android developer can claim to be anyone they want, including Bank of America. Thus, when you download an app from an Android app store, there’s a real possibility that the app was submitted by a charlatan. What’s more, those charlatan apps can actually be malicious!

Daniel Eran Dilger has written an excellent article on the differences between Apple’s signing process and Google’s. I highly recommend you read his article, entitled “Google’s Android haunted by Steve Jobs’ warnings on app signing security,” as it sheds a bright light on the differences between the two mobile platforms; moreover, the article does a great job of outlining the evolution of iOS and its app security policies.

And while you are at it, check out my article entitled “Mobile for the masses: Sign, seal, and deliver your Android app” and learn how to sign your Android app in preparation for submitting it to an app store!

This story, "App signing: iOS versus Android," was originally published by JavaWorld.

Copyright © 2013 IDG Communications, Inc.