BACKGROUND IMAGE: iSTOCK/GETTY IMAGES
What is code signing and why is it important for mobile developers?
Code signing is the process of attaching a digital signature to application binaries. To understand digital signatures, it is helpful to think first about physical signatures and how they are used with legal documents. A signature on a legal document should indicate that the signer has read the document, understands it and agrees to be bound by the terms of the agreement. To do this, the document is printed out so the contents of the document are captured at a given point in time and the paper is signed. With digital signatures, cryptographic functions are used to identify a specific application binary and associate that binary with a specific developer or organization. This allows other systems to understand several things about an application:
- The source of the application based on who signed the application binary; and
- Whether the application binary has been changed since it was originally signed.
Knowing these things can be helpful for users when making security decisions. For example, users might be willing to install and run an application that was signed by their bank. But they might not be willing to install and run applications signed by organizations they do not recognize. Or they might be willing to allow certain applications from one source access to sensitive information such as contact lists, but be unwilling to make that data available to applications from another source. In addition, the signature lets a user know that the application they are running is the one that was actually provided by the signing party and that it has not been modified along the way.
Code signing does not guarantee that applications are free of security vulnerabilities.
Code signing is important for mobile developers because it is used to create a trust system where users can make decisions about what applications they want to run and what permissions they want to give those applications. Code signing lets developers package up a specific version of their applications and send it along to application stores such as the Apple AppStore or Google Play. The application store then turns around and allows application users to download the application. Because the applications are signed, the app stores know that the applications being submitted were created by the developer and the app store can then represent this to the users downloading the applications. This system does not guarantee that applications are free of security vulnerabilities and malicious behaviors. However, in cases where applications are discovered to have vulnerabilities or malicious behaviors, it allows the store to identify the developer responsible.
The security of this system is based on the assumption that the app developer is the only party with access to the credentials used to sign applications, so it is important that the keys used to sign applications are protected and not allowed to fall into malicious hands. Otherwise, malicious application developers could create their own applications and submit them as if they were a legitimate application developer.