IIRC, each package on the marketplace is signed, and I don’t think Google gets that private key to spoof. Packages won’t update/install over themselves if the signature is incorrect.
1 Like
IIRC, each package on the marketplace is signed, and I don’t think Google gets that private key to spoof. Packages won’t update/install over themselves if the signature is incorrect.
