The Updater programs appears to get configuration settings in part from an accompanying .ini file. Someone could alter it to change the URL and remove the requirement for the digital signature. Is there a way to prevent this from being done?
Unfortunately, we do not have predefined support for this task.
You can, however, try to achieve this by setting the read-only attribute on the .INI file through a custom action.
The custom action should be scheduled after the "Add resources" action group with its execution time set to "When the system is being modified (deferred)".