{"id":13383,"date":"2021-12-09T21:10:18","date_gmt":"2021-12-10T02:10:18","guid":{"rendered":"https:\/\/carleton.ca\/scs\/?page_id=13383"},"modified":"2026-06-02T14:59:23","modified_gmt":"2026-06-02T18:59:23","slug":"tr-13-03-baton-key-agility-for-android-without-a-centralized-certificate-infrastructure","status":"publish","type":"page","link":"https:\/\/carleton.ca\/scs\/research\/scs-technical-reports\/technical-reports-2013\/tr-13-03-baton-key-agility-for-android-without-a-centralized-certificate-infrastructure\/","title":{"rendered":"TR-13-03: Baton: Key Agility for Android without a Centralized Certificate Infrastructure"},"content":{"rendered":"\n<section class=\"w-screen px-6 cu-section cu-section--white ml-offset-center md:px-8 lg:px-14\">\n    <div class=\"space-y-6 cu-max-w-child-5xl  md:space-y-10 cu-prose-first-last\">\n\n            <div class=\"cu-textmedia flex flex-col lg:flex-row mx-auto gap-6 md:gap-10 my-6 md:my-12 first:mt-0 max-w-5xl\">\n        <div class=\"justify-start cu-textmedia-content cu-prose-first-last\" style=\"flex: 0 0 100%;\">\n            <header class=\"font-light prose-xl cu-pageheader md:prose-2xl cu-component-updated cu-prose-first-last\">\n                                    <h1 class=\"cu-prose-first-last font-semibold !mt-2 mb-4 md:mb-6 relative after:absolute after:h-px after:bottom-0 after:bg-cu-red after:left-px text-3xl md:text-4xl lg:text-5xl lg:leading-[3.5rem] pb-5 after:w-10 text-cu-black-700 not-prose\">\n                        TR-13-03: Baton: Key Agility for Android without a Centralized Certificate Infrastructure\n                    <\/h1>\n                \n                                \n                            <\/header>\n\n                    <\/div>\n\n            <\/div>\n\n    <\/div>\n<\/section>\n\n<p>Carleton University<br>\n<a href=\"https:\/\/carleton.ca\/scs\/research\/scs-technical-reports\/technical-reports-2013\/\">Technical Report<\/a> TR-13-03<br>\nAugust 9, 2013<\/p>\n\n\n\n<h2 id=\"baton-key-agility-for-android-without-a-centralized-certificate-infrastructure\" class=\"wp-block-heading\">Baton: Key Agility for Android without a Centralized Certificate Infrastructure<\/h2>\n\n\n\n<div class=\"tr_t3\">\n<div class=\"tr_t3\">\n<div class=\"tr_t3\">\n<div class=\"tr_t3\">\n<div class=\"tr_t3\">\n<div class=\"tr_t3\">\n<div class=\"tr_t3\">\n<div class=\"tr_t3\">\n<div class=\"tr_t3\">David Barrera, Daniel McCarney, Jeremy Clark, Paul C. van Oorschot<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<div>\n<h3>Abstract<\/h3>\n<p>Android&#8217;s trust-on-first-use application signing model associates developers with a fixed signing key, but lacks a mechanism to transparently update the key or renew their signing certificate. As an advantage, this feature allows application updates to be recognized as authorized by a party with access to the original signing key. Changing keys or certificates requires that end-users manually uninstall\/reinstall apps, losing all non-backed up user data. In this paper, we show that with appropriate OS support, developers can securely and without user intervention transfer signing authority to a new signing key. Our proposal, Baton, modifies Android&#8217;s app installation framework enabling key agility while preserving backwards compatibility with current apps and current Android releases. Baton is designed to work consistently with current UID sharing and signature permission requirements. We discuss the technical changes made to Android, and remaining open issues such as key loss and signing authority revocation on Android.<\/p>\n<p><a href=\"https:\/\/carleton.ca\/scs\/wp-content\/uploads\/sites\/260\/TR-13-03-Barrera_0.pdf\">TR-13-03.pdf<\/a><\/p>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n","protected":false},"excerpt":{"rendered":"<p>Carleton University Technical Report TR-13-03 August 9, 2013 Baton: Key Agility for Android without a Centralized Certificate Infrastructure David Barrera, Daniel McCarney, Jeremy Clark, Paul C. van Oorschot Abstract Android&#8217;s trust-on-first-use application signing model associates developers with a fixed signing key, but lacks a mechanism to transparently update the key or renew their signing certificate. [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":0,"parent":12514,"menu_order":0,"comment_status":"closed","ping_status":"closed","template":"","meta":{"_acf_changed":false,"_cu_dining_location_slug":"","footnotes":"","_links_to":"","_links_to_target":""},"cu_page_type":[],"class_list":["post-13383","page","type-page","status-publish","hentry"],"acf":{"cu_post_thumbnail":false},"_links":{"self":[{"href":"https:\/\/carleton.ca\/scs\/wp-json\/wp\/v2\/pages\/13383","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/carleton.ca\/scs\/wp-json\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/carleton.ca\/scs\/wp-json\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/carleton.ca\/scs\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/carleton.ca\/scs\/wp-json\/wp\/v2\/comments?post=13383"}],"version-history":[{"count":1,"href":"https:\/\/carleton.ca\/scs\/wp-json\/wp\/v2\/pages\/13383\/revisions"}],"predecessor-version":[{"id":13384,"href":"https:\/\/carleton.ca\/scs\/wp-json\/wp\/v2\/pages\/13383\/revisions\/13384"}],"up":[{"embeddable":true,"href":"https:\/\/carleton.ca\/scs\/wp-json\/wp\/v2\/pages\/12514"}],"wp:attachment":[{"href":"https:\/\/carleton.ca\/scs\/wp-json\/wp\/v2\/media?parent=13383"}],"wp:term":[{"taxonomy":"cu_page_type","embeddable":true,"href":"https:\/\/carleton.ca\/scs\/wp-json\/wp\/v2\/cu_page_type?post=13383"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}