Roku Developer Program

Developers and content creators—a complete solution for growing an audience directly.
cancel
Showing results for 
Search instead for 
Did you mean: 
muteki
Level 7

App signing/packaging provides authenticity of the app?

I have question regarding to the purpose of app signing/packaging.  My understanding of app signing is usually to ensure authenticity/integrity of the app..  However, both the docs and the behavior I observed suggests it may only perform encryption/integrity checking but nothing about authenticity. 

Does the app signing/packaging provides authenticity of the app?

https://sdkdocs.roku.com/display/sdkdoc ... y+Overview

"Applications which run on the player must be encrypted and signed using the developer's unique developer specific set of keys generated by the Roku Streaming Player in developer mode. Code signing is done automatically as part of generating a package and ensures the integrity of code. Application packages are also encrypted to ensure confidentiality of the source code."

However, I found out I can sign a different app using a totally different roku box/dev id/password and upload to the same channel and the box will happily install that app.  I am not sure if I understand what does the app signing provide here?  The only way to protect the authenticity of the app is to protect the username/password of the developer account?

I also read somewhere about the registry being wiped out if a different developer ID is used to sign the app.  Does it mean the app signing provide a global key unique to this app to encrypt the app's specific registry?  That sounds very different from app signing to me.
0 Kudos
5 Replies
muteki
Level 7

Re: App signing/packaging provides authenticity of the app?

So far all my testing is done on non-certified channel.  Could there be additional verification during upload on public channel?  Anyone knows?
0 Kudos
squirreltown
Level 9

Re: App signing/packaging provides authenticity of the app?

What exactly are you concerned about? I can't figure it out.
Kinetics Screensavers
0 Kudos
muteki
Level 7

Re: App signing/packaging provides authenticity of the app?

I am trying to setup a signing procedure for our roku app.  And I am trying to understand how much protection I need to put in place for protecting this special roku device + devid/password pair for the signing/packaging process.  (we do app signing for other platforms also)  In our experience, traditional app signing is to ensure authenticity/integrity of the app so protecting the private key for signing is critical.  Now when evaluating the signing/packaging process of roku app, I am puzzled as to what does that provide.  It surely doesn't ensure authenticity of the app (in my test for non-certified channel).  So I wonder am I missing something or I should really spend my resource else where (i.e. protecting username/password of the developer account) rather than this roku/devid/password.
0 Kudos
squirreltown
Level 9

Re: App signing/packaging provides authenticity of the app?

"muteki" wrote:
So I wonder am I missing something or I should really spend my resource else where (i.e. protecting username/password of the developer account) rather than this roku/devid/password.

If you publish a channel, it's permanently tied to that developer account. Only that account will be able to access the web portal to change it. Since you can re-key any Roku box to any ID/pass using a .pkg file generated by the original ID/pass combo, the devID/pass matters mostly when you publish something and then update it. The registry is tied to the devID.  If your users have made settings changes stored in the registry, you want to use the same devID every time you package/update that channel, otherwise the devID's won't match and the updated channel won't see the old settings, and will behave as if there were none. Whatever signing goes on happens in the box, and is not your concern.
Kinetics Screensavers
0 Kudos
muteki
Level 7

Re: App signing/packaging provides authenticity of the app?

Thanks for the response.  I think that confirms our observation.  In summary, app signing/packaging doesn't provide authenticity of the app, and protecting developer account is crucial to maintain authenticity of the app..   On the other hand, the roku device/devId/password in the "signing process" is solely used to ensure consistent view of the registry data during an upgrade.  (not much related to the tradition purpose of app signing)
0 Kudos