in the current main branch, it seems that a credential is first verified (meaning, it is checked if the raw data, matches the data inside the signature, to control if the date was altered during issue credential from issuer to holder) before stored in the wallet.
I currently use aca-py 0.6.0 release and after researching in the source Code, i could not find this behavior.
Have I overseen something or is this missing? I am currently trying to build an authentication and authorisation system on-top of aries and indy. If this is missing in the current release, i need to implement a workaround.
Short Answer: Yes it does.
Proof: https://github.com/hyperledger/aries-cloudagent-python/issues/1217