
All Android devices require signed binaries and have done so since 1.0.


Red herring. Self-signed certificates have always been accepted, and generating a certificate is a one-liner:

    keytool -genkeypair -keystore mykey.jks -alias myalias -keyalg RSA

The public testkey certificate is also accepted so you don’t even need to generate one.


Yes, but then when you update the app, it has to be signed with the same certificate. Android effectively uses TOFU for apk signatures.
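
An added illustration of the trust-on-first-use behaviour described in the comment above (not part of the thread and not Android's own code): a simplified Python model in which the first install pins the signer certificate's SHA-256 digest and later updates must match it. The class, the package names and the certificate bytes are hypothetical and constructed for the example.

```python
import hashlib

class SignatureMismatch(Exception):
    """Update signed by a certificate other than the one pinned at first install."""

class TofuPackageStore:
    """Simplified model of trust-on-first-use for app signing certificates."""

    def __init__(self):
        self._pins = {}  # package name -> SHA-256 digest of the signer certificate

    @staticmethod
    def fingerprint(cert_der: bytes) -> str:
        return hashlib.sha256(cert_der).hexdigest()

    def install(self, package: str, cert_der: bytes) -> str:
        fp = self.fingerprint(cert_der)
        pinned = self._pins.get(package)
        if pinned is None:
            # First install: no CA chain is checked, so a self-signed
            # certificate is accepted and simply remembered.
            self._pins[package] = fp
            return "installed"
        if pinned != fp:
            # Same package name, different signer: refuse the update.
            raise SignatureMismatch(
                f"{package}: signer changed from {pinned[:12]} to {fp[:12]}")
        return "updated"

# Constructed stand-ins for DER-encoded certificates (not real certificates).
DEV_CERT = b"constructed-self-signed-cert-of-original-developer"
OTHER_CERT = b"constructed-self-signed-cert-of-someone-else"

def demo():
    store = TofuPackageStore()
    results = [store.install("com.example.app", DEV_CERT),
               store.install("com.example.app", DEV_CERT)]
    try:
        store.install("com.example.app", OTHER_CERT)
    except SignatureMismatch:
        results.append("rejected")
    # A different package name has no pin yet, so any certificate is trusted.
    results.append(store.install("com.example.other", OTHER_CERT))
    return results

if __name__ == "__main__":
    print(demo())
```

The last step in `demo()` shows the limit of the model: the pin protects updates to an already-installed package, while the first install of any package name trusts whatever certificate it sees.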



