An electronic device such as a smartphone or a tablet includes an application that provides various functions or services. The application may be preloaded on the electronic device and may be downloaded on the electronic device through an application market (e.g., Google Play Store™, App Store®, and the like).
The application may include a developer signature to prevent the application from tampering or being replaced with another application by a malicious user. For example, the application installed on the electronic device may be signed with a key (e.g., a developer key) of an application developer. When installing or updating an application that is the same as an existing application, the electronic device may compare signature information of the existing application with signature information of a new application, and only in the case where the pieces of signature information are the same each other, the electronic device permits installing the new application.
In the case where the developer key (signature information) of an application is leaked, the malicious user may sign the application, in which the malicious code is included, by using the leaked signature information and may then distribute the application. If the malicious application is installed in the electronic device, a severe security issue may occur. Besides, if the application developer loses or forgets the developer key, an issue may occur in distributing the updated application.
If the above-described situation occurs, according to the technology of the related art, after distributing an application of a new name signed with a new key, the developer may request each user to uninstall the existing applications respectively after installing a new application. However, this method has limitations and may be very troublesome. Also, a security status of the electronic device may not be guaranteed, and some applications (e.g., pre-installed applications) may not be uninstalled.
The above information is presented as background information only to assist with an understanding of the present disclosure. No determination has been made, and no assertion is made, as to whether any of the above might be applicable as prior art with regard to the present disclosure.