Are Android Apps Signed?

Are Android apps signed like Windows executables? If so, I would like to see a “trusted software vendors” list added to CMS.

Knowing how CIS works, I feel a little unsafe that a rogue app “may” make it onto my phone and CMS’s antivirus database will not be aware of it.

🙂

I doubt that would happen as lots of apps are written by individual people in their home and uploaded to the app store.

They are signed, but:

The certificate does not need to be signed by a certificate authority: it is perfectly allowable, and typical, for Android applications to use self-signed certificates.
https://developer.android.com/guide/publishing/app-signing.html

Is it possible for rogue apps to be installed silently (maybe from visiting websites, etc.) on an Android phone without the user’s consent? I’m just thinking that maybe CMS is playing catch-up like your Windows antivirus software and should rely on a more proactive solution. Maybe Android offers something similar that I’m not aware of.

🙂

I hope not allowing “unknown sources” in the settings (default) prevents such installs.

A TVL would probably work, but I don’t expect Comodo to add self-signed certificates.
