Digital signing of application packages represents a key element in the security and integrity of applications. This procedure ensures that an application is not modified after its initial deployment. A modification in an application could mean to malicious parties an opportunity for injecting malware into the application. If a signed package has known any changes, the initial signing is lost indicating possible modification and canceling any possible guarantees that the application is as secure as it was initially developed. Deployed applications with a digital signing serve as proof of guarantee from the application developer to its end-user. Once the developer has signed the application, it becomes locked and unauthorized changes are not possible. It becomes then a responsibility of the end-user to verify that the signature of the application indeed matches with that one of the trusted developers.
Download Complete Tech Note: Tech Note Document