I am resigning apps on a system image in a manner similar to: Resigning System Image on a Device.
What I am trying to figure out is how Android verifies these APKs. In the standard Android build the platform cert is self-signed: platform.x509.pem.
I guess and hope this certificate is deployed as a file somewhere on the device.
For instance, in my test system image, framework-res.apk is signed with a self-signed certificate with the serial number d20995a79c0daad6, but this certificate is nowhere to be found in /system/etc/security/cacerts.
My question is: how is the platform certificate known to Android, assuming it is not hardcoded somewhere?
EDIT #1: I pasted the subject key id instead of the serial number.
EDIT #2: I searched the entire image for PEM encoded certificates, found some but still no platform cert. Searched for the DER encoding of the serial number too but without luck.
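
Added example, not part of the original post: a sketch of the kind of search EDIT #2 describes, scanning an image for PEM certificates and for the DER INTEGER encoding of a serial number. The function names are hypothetical and the sample blob is constructed; only the serial value comes from the post.

```python
import base64
import re

PEM_RE = re.compile(
    rb"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)

def der_integer(hex_serial: str) -> bytes:
    """DER INTEGER (tag 0x02) for a positive serial given as hex."""
    raw = bytes.fromhex(hex_serial).lstrip(b"\x00") or b"\x00"
    if raw[0] & 0x80:
        # High bit set: DER needs a leading 0x00 so the value stays positive.
        raw = b"\x00" + raw
    if len(raw) >= 0x80:
        raise ValueError("serial too long for short-form length")
    return bytes([0x02, len(raw)]) + raw

def find_all(blob: bytes, needle: bytes) -> list:
    """Return every offset at which needle occurs in blob."""
    hits, pos = [], blob.find(needle)
    while pos != -1:
        hits.append(pos)
        pos = blob.find(needle, pos + 1)
    return hits

def scan_image(blob: bytes, hex_serial: str) -> dict:
    """Offsets of raw DER hits and of PEM blocks that contain the serial.
    Only bytes stored verbatim (uncompressed) in the blob can match."""
    needle = der_integer(hex_serial)
    result = {"raw_der": find_all(blob, needle), "pem": []}
    for m in PEM_RE.finditer(blob):
        try:
            der = base64.b64decode(b"".join(m.group(1).split()), validate=True)
        except ValueError:
            continue  # not valid base64, skip this block
        if needle in der:
            result["pem"].append(m.start())
    return result

def demo() -> dict:
    serial = "d20995a79c0daad6"  # value quoted in the post
    # Constructed sample: a DER-like fragment, not a real certificate.
    fake_der = b"\x30\x82\x03\x00\x30\x82\x02\x00" + der_integer(serial) + b"\x30\x0d"
    pem = (b"-----BEGIN CERTIFICATE-----\n" + base64.b64encode(fake_der)
           + b"\n-----END CERTIFICATE-----\n")
    blob = b"\x00" * 16 + fake_der + b"\xff" * 8 + pem
    return scan_image(blob, serial)
```

Because the first byte of this serial has its high bit set, the encoded INTEGER is nine content bytes long, so a search for the eight serial bytes preceded by a length of 0x08 would not match.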