From edb76503d36f05a757fa4e652a2dfbbb471695ad Mon Sep 17 00:00:00 2001 From: topjohnwu Date: Tue, 24 May 2022 06:13:51 -0700 Subject: [PATCH] Update README --- README.MD | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/README.MD b/README.MD index e8a6ac2d4..350c3e0d4 100644 --- a/README.MD +++ b/README.MD @@ -53,7 +53,13 @@ For Magisk app crashes, record and upload the logcat when the crash occurs. For each action, use `-h` to access help (e.g. `./build.py all -h`) - To start development, open the project with Android Studio. The IDE can be used for both app (Kotlin/Java) and native (C++/C) sources. - Optionally, set custom configs with `config.prop`. A sample `config.prop.sample` is provided. -- To sign APKs and zips with your own private keys, set signing configs in `config.prop`. For more info, check [Google's Documentation](https://developer.android.com/studio/publish/app-signing.html#generate-key). + +## Signing and Distribution + +- The certificate of the key used to sign the final Magisk APK product is also directly embedded into some executables. In release builds, Magisk's root daemon will enforce this certificate check and reject and forcefully uninstall any non-matching Magisk apps to protect users from malicious and unverified Magisk APKs. +- To do any development on Magisk itself, switch to an **official debug build and reinstall Magisk** to bypass the signature check. +- To distribute your own Magisk builds signed with your own keys, set your signing configs in `config.prop`. +- Check [Google's Documentation](https://developer.android.com/studio/publish/app-signing.html#generate-key) for more details on generating your own key. ## Translation Contributions