My question is: Shouldn't the AIR application updater check
to make sure that an application cannot be upgraded or downgrade
unless the certificates match? That way a hacker could not generate
the same app with the same certificate.
The certificate makes sure that only u with the same
certificate can publish your application. What they are talking
about is that you should still make sure that you application
checks for updates, so an older version not is 'left alone' in case
i turns out to have security leaks, that makes data insecure. The
'hackers' can not ( that I have found yet ) recreate your
application, but they can destribute an old version of your
application, witch could be harmfull if it didn't have an update
system buildt into it.