I'm curious about what you mean by the issue with Android's security model. Apps can have whatever package name they want (… Well, I am sure you can't publish a com.google package on the Play Store) so that doesn't make sense.
The only thing I can imagine you're referring to is data sharing between applications signed with the same key, but that's not the package name.
From what I've read, applications by the same vendor can automatically log into the vendor's services after one app is logged in because they share the same name space. What else would name space be if not com.facebook., com.google., com.microsoft.*, etc.?
I'm curious about what you mean by the issue with Android's security model. Apps can have whatever package name they want (… Well, I am sure you can't publish a
com.googlepackage on the Play Store) so that doesn't make sense.The only thing I can imagine you're referring to is data sharing between applications signed with the same key, but that's not the package name.
From what I've read, applications by the same vendor can automatically log into the vendor's services after one app is logged in because they share the same name space. What else would name space be if not com.facebook., com.google., com.microsoft.*, etc.?
I'm pretty sure they have to be signed with the same keys only
See the 3rd bullet point here https://developer.android.com/studio/publish/app-signing#considerations
Huh. Maybe it was different before or whatever I've read was just wrong. Good to know.