I know nothing about the real situation, but commenting off the cuff based on what I read here, it sounds like either:
1) google just sign these apks with their own certs.
2) google should present the developer with a google public key that the developer signs, allowing google to sign an apk with a google key that had a chain of trust to the developer.
1) google just sign these apks with their own certs.
2) google should present the developer with a google public key that the developer signs, allowing google to sign an apk with a google key that had a chain of trust to the developer.