Recently a mobile app security team suggested some security points related to the signing certificate.
Here is what they said: “It has been observed that self-signed certificates are less trustworthy because they have not been vetted through official channels (CAs). CAs can revoke a certificate when they discover it has been compromised, but organizations cannot revoke a self-signed certificate. Instead they must replace or rotate the certificate.”
Here is what they suggested: “It is recommended to get the application signed with a trusted CA.”
Alternative: there is a way we can check, every time the app starts (in the app.component.ts file), that the certificate used while publishing this app is the same, by some key or hash value, so we can take action accordingly: if the certificate is the same, continue; if some bad guy changed it and signed it with another certificate, exit our app.
My app is already published on the Play Store with the traditional signing certificate:
" $ jarsigner -verbose -sigalg SHA1withRSA -digestalg SHA1 -keystore myApp_KeyStore.keystore app-release-unsigned.apk "