Android requires that each application be signed with the developer’s digital keys. The signature is used to enforce signature permissions and to authorize an application’s request to use a shared user ID or target process.
The core Android platform uses four keys to maintain the security of core platform components:
- platform: a key for packages that are part of the core platform.
- shared: a key for things that are shared in the home/contacts process.
- media: a key for packages that are part of the media/download system.
- testkey: the default key to sign with if not otherwise specified.
Note also that Android’s Package Manager uses an .apk signature in two ways:
- When an application is replaced, it must be signed by the same key as the old application in order to get access to the old application’s data.
  - If you change the certificate of an app that is already installed, the app has to be uninstalled first.
- If two or more applications want to share a user ID (so they can share data, etc.), they must be signed with the same key.
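
A pre-flight check for the two rules above, as an added example that is not from the source article: it compares the signer certificate digests that `apksigner verify --print-certs` reports for two APKs. The function names and sample digests are constructed, and the parsing assumes the usual `Signer #N certificate SHA-256 digest:` output lines.

```shell
#!/bin/sh
# Added example: would an update (or a shared-user-ID partner app) be
# treated as signed with the same key as the app already installed?
# Simplification: compares the full set of signer digests and ignores
# key-rotation lineages.

# Read `apksigner verify --print-certs` output on stdin and print the
# sorted, de-duplicated SHA-256 digests of the signing certificates.
signer_digests() {
    sed -n 's/^Signer #[0-9]* certificate SHA-256 digest: *//p' | sort -u
}

# same_signers OLD_OUTPUT NEW_OUTPUT
# Returns 0 only when both outputs contain at least one signer and the
# digest sets are identical; an unsigned or unparsable APK never matches.
same_signers() {
    old=$(printf '%s\n' "$1" | signer_digests)
    new=$(printf '%s\n' "$2" | signer_digests)
    [ -n "$old" ] && [ "$old" = "$new" ]
}

# Constructed sample outputs (digests are made up for illustration).
SAMPLE_INSTALLED='Signer #1 certificate DN: CN=Example Developer
Signer #1 certificate SHA-256 digest: a1a1a1a1a1a1a1a1a1a1a1a1a1a1a1a1a1a1a1a1a1a1a1a1a1a1a1a1a1a1a1a1
Signer #1 certificate SHA-1 digest: 0101010101010101010101010101010101010101'
SAMPLE_UPDATE_SAME_KEY='Signer #1 certificate DN: CN=Example Developer
Signer #1 certificate SHA-256 digest: a1a1a1a1a1a1a1a1a1a1a1a1a1a1a1a1a1a1a1a1a1a1a1a1a1a1a1a1a1a1a1a1'
SAMPLE_UPDATE_OTHER_KEY='Signer #1 certificate DN: CN=Someone Else
Signer #1 certificate SHA-256 digest: b2b2b2b2b2b2b2b2b2b2b2b2b2b2b2b2b2b2b2b2b2b2b2b2b2b2b2b2b2b2b2b2'

# Real use: ./check.sh installed.apk update.apk  (needs apksigner on PATH)
if [ "$#" -eq 2 ]; then
    if same_signers "$(apksigner verify --print-certs "$1")" \
                    "$(apksigner verify --print-certs "$2")"; then
        echo "same signing certificate(s): update / shared user ID allowed"
    else
        echo "signing certificate mismatch: uninstall required, no shared user ID"
        exit 1
    fi
fi
```
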
For details, see the source article:
https://boundarydevices.com/android-security-part-1-application-signatures-permissions/