Android Question CERT Coordination Center Private Key Email

[dieterp]

I received an email from the CERT Coordination Center stating "The CERT Coordination Center <https://www.cert.org> is investigating Android applications that include private keys in them, yet are available publicly in the Google Play store. You may have already received a notification that your application b4a.yourapp distributes one or more private keys..."

The email goes into great length about Private Sign Keys. What is the course of action for what they require us to do with our private sign keys?

 

[Erel]

Have you put your private signing key in the Files folder?

 

[dieterp]

I have indeed. I'm assuming that must come out of there then?

 

[Erel]

This is a mistake. This means that the key is distributed with your app.

 

[dieterp]

OK thanks Erel. I will remove it from the folder and re-upload the app