Skip to main content
Today I learned that Google adds “frosting” to check if apps are signed even if they’re distributed outside Google Play.

Epic’s lawyer just asked about the frosting (is this it?), and Google’s security expert says he’s heard of it. The point seems to be that Google does already have a mechanism for signing some apps outside the Play Store, reportedly for peer-to-peer distribution. Epic pointed out a while ago that some countries, including India, tend to distribute apps peer to peer rather than solely over the internet.