private-number closed 1 year ago
The key pair we use is strictly for package signing only. Conducting an MITM attack using this certificate is not practical.
For sideloaded apps, it is a common practice to provide a certificate for pre-built app packages. See Bili.Uwp and Natsurainko.FluentLauncher.
If it is still of concern to you, I suggest manually compiling this app from source.
Thanks for your reply. Isn't it better to create a self-signing package script and append it to the installation script as a prerequisite, to avoid importing a CA into the trusted root?
> Isn't it better to create a self-signing package script and append it to the installation script as a prerequisite, to avoid importing a CA into the trusted root?

The installation scripts that come with the app package, i.e. install.ps1 and Add-AppDevPackage.ps1, are prepared by the Visual Studio packaging pipeline, and hence it is not advisable to modify them. The client machine may not have the Windows SDK installed either, which is where SignTool is provided.
Importing an unknown certificate into the local machine trusted root authority is not acceptable for security reasons and in any case means opening the door to an MITM attack.
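One way to check the "package signing only" claim before trusting a sideloading certificate, as an added example (not code from this thread or from the project): it reports whether a certificate is marked as a CA and whether its EKU lists anything other than code signing. The function names and both sample certificates are constructed here, and PowerShell 7 is assumed.

```powershell
using namespace System.Security.Cryptography
using namespace System.Security.Cryptography.X509Certificates

$CodeSigningOid = '1.3.6.1.5.5.7.3.3'   # id-kp-codeSigning
$ServerAuthOid  = '1.3.6.1.5.5.7.3.1'   # id-kp-serverAuth (TLS server)

# Hypothetical helper: lists every property that would let the certificate
# be used for more than signing packages.
function Test-SigningOnlyCertificate {
    param([Parameter(Mandatory)][X509Certificate2]$Cert)
    $findings = @()
    $bc  = $Cert.Extensions | Where-Object { $_ -is [X509BasicConstraintsExtension] }
    $ku  = $Cert.Extensions | Where-Object { $_ -is [X509KeyUsageExtension] }
    $eku = $Cert.Extensions | Where-Object { $_ -is [X509EnhancedKeyUsageExtension] }
    if ($bc -and $bc.CertificateAuthority) { $findings += 'Basic Constraints: CA=TRUE' }
    if ($ku -and $ku.KeyUsages.HasFlag([X509KeyUsageFlags]::KeyCertSign)) {
        $findings += 'Key Usage permits signing other certificates'
    }
    if (-not $eku) {
        $findings += 'No EKU extension: not restricted to any purpose'
    } else {
        $oids = @($eku.EnhancedKeyUsages | ForEach-Object { $_.Value })
        if ($oids -notcontains $CodeSigningOid) { $findings += 'EKU does not include code signing' }
        foreach ($oid in $oids) {
            if ($oid -ne $CodeSigningOid) { $findings += "Additional EKU: $oid" }
        }
    }
    [pscustomobject]@{
        Thumbprint  = $Cert.Thumbprint
        SigningOnly = ($findings.Count -eq 0)
        Findings    = $findings
    }
}

# Constructed sample input: self-signed certificates built in memory only.
function New-SampleCert {
    param([string[]]$EkuOids, [bool]$IsCa)
    $rsa = [RSA]::Create(2048)
    $req = [CertificateRequest]::new('CN=Constructed sample', $rsa,
        [HashAlgorithmName]::SHA256, [RSASignaturePadding]::Pkcs1)
    $req.CertificateExtensions.Add([X509BasicConstraintsExtension]::new($IsCa, $false, 0, $true))
    $oids = [OidCollection]::new()
    foreach ($o in $EkuOids) { [void]$oids.Add([Oid]::new($o)) }
    $req.CertificateExtensions.Add([X509EnhancedKeyUsageExtension]::new($oids, $false))
    $req.CreateSelfSigned([DateTimeOffset]::Now, [DateTimeOffset]::Now.AddDays(1))
}

Test-SigningOnlyCertificate (New-SampleCert -EkuOids $CodeSigningOid -IsCa $false)
Test-SigningOnlyCertificate (New-SampleCert -EkuOids $CodeSigningOid, $ServerAuthOid -IsCa $true)
```

To inspect a downloaded certificate file instead of the samples, pass `[X509Certificate2]::new('<path to .cer>')` to `Test-SigningOnlyCertificate`.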