Android manifest package name

The package name we declare in AndroidManifest.xml is the unique ID of an application. To avoid 开发者_JAVA技巧naming conflict, we normally use domain name in this package name, like "com.google.*". If this is the case, there's no way to avoid other people using my domain name in their package name maliciously. Say if I am using "com.google.myapp", that's a totally valid package name even though I am not building apps for Google. Let's say my app has package name "com.mycompany.myapp", there's no way I can prevent other people using the same package name in there app.

Is this a problem that I should worry about? It seems this is the nature of Android, which can't be prevented.

No, there is no way to prevent someone else from using an identical package name.

However the package name is combined with the certificate used to sign the package: if someone tries to install a maliciously named package on top of an existing package they will need to use the exact same cert. If they don't use the exact same cert then the OS will reject the install and the malicious package will not have access to the original package's data. In practice this deals with the security issues.