All mobile apps and almost all desktop applications must be signed with the electronic signature of the developer. When you try to unfold the control system of keys for apps signature, you may face a number of difficulties: many developers should be able to sign their assembly, but the signature keys should be kept in secret with restricted access to them. The former employees should not be able to sign application, etc. There is also a risk to sign malicious applications so that the signature keys will be revocated and the operation of all applications signed with that key will be disrupted. To solve these problems we have created our own solution that may sign the applications for Android, Windows (usermode, kernel mode), Java applications and applets, and would like to tell you about it. In general, our presentation will be devoted to:
– the structure of the app signature in each platform Windows, Android, iOS;
– the role of electronic signature in every platform security;
– the consequences of the signature key compromise;
– the creation of a convenient service for management of signature keys in a large company;
– the transformation of such service to check service of application security.