undefined | Better HN

0 pointskbolino1y ago0 comments

Interesting. I assumed there was some kind of internal identifier, which was the same between the two variants of the app, but I guess that identifier is just (a hash of?) the public key. Nevertheless, it seems like the Play Store had priority for providing updates.

Tangentially, how does Android handle signing key rotation/expiration?

0 comments

xelamonster1y ago

The identifier would be the package name baked into the APK, "com.amazon.mshop.android.shopping" in this case, likely the same for both versions. I'm sure there's several ways that issue could have happened but my first guess would be some OEM nonsense, a lot of them bundle Amazon and probably have poorly written updaters that can't tell you've modified the install.

kbolinoOP1y ago

This happened on Pixel devices, so the OEM is Google (which might be related). As I recall, no Amazon apps come preinstalled, but I have installed them from the Play Store first, then removed them, so maybe that could have flipped some flag too.

xelamonster1y ago

Interesting, yeah could be. Disabling Play Store auto-updates for the app if enabled might help.

Actually I'm not sure how you installed Amazon Shopping from the Amazon store anyways? I installed it a while back assuming they would have versions of Shopping and Kindle that would let me buy books, but they didn't seem to distribute those apps at all which I thought was strange. Still not seeing them there now.

1 more reply

j / k navigate · click thread line to collapse

0 pointskbolino1y ago0 comments

Tangentially, how does Android handle signing key rotation/expiration?

0 comments

xelamonster1y ago

kbolinoOP1y ago

xelamonster1y ago

Interesting, yeah could be. Disabling Play Store auto-updates for the app if enabled might help.

1 more reply

j / k navigate · click thread line to collapse