Builds are signed by the software publisher, not the Play Store. So the store al...

thecrash 77 days ago | parent | context | favorite | on: Delta Chat – Email Based PGP Encrypted Chat

Builds are signed by the software publisher, not the Play Store. So the store alone couldn't corrupt releases, it would need collaboration by the publisher. (Google does have a service for app developers where they keep and manage your signing keys for you, but it's not required)

balamatom 76 days ago [–]

Interesting! Who checks those signatures?