Does your Microsoft Publisher ID have to be kept private?

StackOverflow https://stackoverflow.com/questions/18755225

  •  28-06-2022
  •  | 
  •  

Question

From the Microsoft Dev Center, your Publisher ID is...

the string that uniquely identifies your Windows Store developer account in your packages. The publisher ID is assigned by Microsoft, and you can't change it.

This is likely to appear in a lot of Open Source repositories for Windows 8 because it is listed in the identity element of the Package.appxmanifest file which is required in order to build your project.

A search of extension:appxmanifest on GitHub reveals almost 5,000 files with this info since the appxmanifest is not on the default gitignore.

Here's GitHub's Help Page on Removing Sensitive Data, but I'm wondering if there's a reason to be worried about it in the first place.

Q: Is there a security reason why this should remain private?

Was it helpful?

Solution 2

Q: Is there a security reason why this should remain private?

I will not say that this is because of the 100% security reason. But there are other factors as well. As this Publisher ID which you have obtained from your developer account at the Store will help you create a certificate with a Publisher ID of your choice. You can also create a password.

Publisher ID helps you in signing an app package

If you either create a package for the Windows Store or associate your app with it, the Publisher attribute is set to the Publisher ID that’s obtained from your developer account at the Store when you sign in during package creation.

So it is your publisher ID which is actually identifying you. So its better to keep it secure.(It is very similar to take it like you will not like to give your bank account details to anyone except the bank ;-))

So if your publisher ID is not secure or is public then you may loose that choice.

Check this To create or use an alternate certificate

OTHER TIPS

There is almost no reason under normal circumstances to keep your Microsoft Publisher ID private. (I wouldn't be surprised if there's some unique edge case where you would want to keep it private. Somebody else would have to help me out there.)

Your publisher ID is distributed every time somebody downloads your app from the Windows Store. You can view this for any app by manually opening its AppxManifest.xml, or you can use PowerShell: (Get-AppxPackage -Name "*_APPNAME_*" | Get-AppxPackageManifest).Package.Identity.Publisher

For example, (Get-AppxPackage -Name "*netflix*" | Get-AppxPackageManifest).Package.Identity.Publisher returns CN=52120C15-ACFA-47FC-A7E3-4974DBA79445, and running the command on an app I've published to the Windows Store gives me my personal Publisher ID.

Kunal Chowdhury, a Microsoft MVP, has his on a blog post. I suspect that if an MVP is comfortable doing so, then it is probably safe.

http://www.kunal-chowdhury.com/2011/12/what-is-packageappxmanifest-file-in.html

Mabye consider contacting and asking Mr. Chowdhury. I'm sure he could give you good advice in this area.

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow
scroll top