I am developing Android apps on my very personal computer.
Securing the keystore to sign Android apps seems to me to be overkill. Securing is usually a pain, so I would apply it only when I get any realistic advantage. The Android docs only talk about other users on the same computer, but that is not valid in my case.
Is there any rational need to secure a keystore on a secured personal machine?
Is there any rational need to use a strong password on a keystore on a secured personal machine?
If you can be sure that no one, neither online nor offline, will ever be able to access your keystore file, then there is no need.
Yes, there is a very real concern here.
Let's say you get lucky and write a million dollar app. Malware distributors would only have to figure out who you are and hack your computer. Then they would have access to application source code and the keystore and maybe even your Google login credentials. If you haven't secured the keystore there is very little to stop them from distributing a hijacked version of your app through the Android market through your account.
Adding a password to the keystore really isn't that much extra effort and you should always do it.