Accrescent currently pins the SHA256 hash of the public key(s) of a given app's signing certificate(s). Android identifies an app's signer by its entire signing certificate in various places, not just by the public key. Is there any benefit to pinning hashes of whole certificates instead of only their public keys?
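The mechanical difference between the two pin types, as an added example that is not Accrescent's code: two certificates carrying the same key produce the same public-key pin but different whole-certificate pins. It assumes "public key" means the DER SubjectPublicKeyInfo; the helper names are hypothetical, and the sample certificates are constructed certificate-shaped DER with a dummy key and signature.

```python
import hashlib

def tlv(tag: int, body: bytes) -> bytes:
    """DER-encode one element (definite length)."""
    n = len(body)
    raw = n.to_bytes((n.bit_length() + 7) // 8 or 1, "big")
    return bytes([tag]) + (raw if n < 0x80 else bytes([0x80 | len(raw)]) + raw) + body

def read_tlv(buf: bytes, pos: int) -> tuple[int, int]:
    """Return (body_start, end) of the DER element at pos."""
    first, start = buf[pos + 1], pos + 2
    if first < 0x80:
        n = first
    else:
        k = first & 0x7F
        n, start = int.from_bytes(buf[start:start + k], "big"), start + k
    if start + n > len(buf):
        raise ValueError("truncated DER")
    return start, start + n

def spki_of(cert: bytes) -> bytes:
    """Slice SubjectPublicKeyInfo out of a DER X.509 certificate."""
    pos = read_tlv(cert, read_tlv(cert, 0)[0])[0]   # into Certificate, then TBSCertificate
    for _ in range(6 if cert[pos] == 0xA0 else 5):  # [version], serial, sigalg, issuer, validity, subject
        pos = read_tlv(cert, pos)[1]
    return cert[pos:read_tlv(cert, pos)[1]]

def pins(cert: bytes) -> tuple[str, str]:
    """(SHA-256 of whole certificate, SHA-256 of its SubjectPublicKeyInfo)."""
    return hashlib.sha256(cert).hexdigest(), hashlib.sha256(spki_of(cert)).hexdigest()

# --- constructed sample data: certificate-shaped DER, dummy key and signature ---
OID = lambda h: tlv(0x06, bytes.fromhex(h))
ALG = tlv(0x30, OID("2a8648ce3d040302"))                      # ecdsa-with-SHA256
SPKI = tlv(0x30, tlv(0x30, OID("2a8648ce3d0201") + OID("2a8648ce3d030107"))
           + tlv(0x03, b"\x00\x04" + bytes(range(64))))       # not a real P-256 point

def make_cert(serial: int, cn: str, not_after: str) -> bytes:
    name = tlv(0x30, tlv(0x31, tlv(0x30, OID("550403") + tlv(0x0C, cn.encode()))))
    validity = tlv(0x30, tlv(0x17, b"240101000000Z") + tlv(0x17, not_after.encode()))
    tbs = tlv(0x30, tlv(0xA0, tlv(0x02, b"\x02")) + tlv(0x02, bytes([serial]))
              + ALG + name + validity + name + SPKI)
    return tlv(0x30, tbs + ALG + tlv(0x03, b"\x00" + bytes(64)))  # dummy signature

OLD = make_cert(1, "Example Dev", "340101000000Z")
NEW = make_cert(2, "Example Dev", "490101000000Z")   # same key, re-issued certificate

if __name__ == "__main__":
    for label, cert in (("old", OLD), ("new", NEW)):
        cert_pin, key_pin = pins(cert)
        print(f"{label}: cert={cert_pin[:16]}... key={key_pin[:16]}...")
```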