diff --git a/target/product/security/Android.mk b/target/product/security/Android.mk
index 3631cfdb2..d6a8b5378 100644
--- a/target/product/security/Android.mk
+++ b/target/product/security/Android.mk
@@ -80,30 +80,3 @@ $(LOCAL_BUILT_MODULE): \
 	    $(extra_recovery_keys)
 	$(SOONG_ZIP) -o $@ -j \
 	    $(foreach key_file, $(PRIVATE_CERT) $(PRIVATE_EXTRA_RECOVERY_KEYS), -f $(key_file))
-
-
-#######################################
-# update_engine_payload_key, used by update_engine. We use the same key as otacerts but in RSA
-# public key format.
-include $(CLEAR_VARS)
-
-LOCAL_MODULE := update_engine_payload_key
-LOCAL_MODULE_CLASS := ETC
-LOCAL_MODULE_STEM := update-payload-key.pub.pem
-LOCAL_MODULE_PATH := $(TARGET_OUT_ETC)/update_engine
-include $(BUILD_SYSTEM)/base_rules.mk
-$(LOCAL_BUILT_MODULE): $(DEFAULT_SYSTEM_DEV_CERTIFICATE).x509.pem
-	openssl x509 -pubkey -noout -in $< > $@
-
-
-#######################################
-# update_engine_payload_key for recovery image, used by update_engine.
-include $(CLEAR_VARS)
-
-LOCAL_MODULE := update_engine_payload_key.recovery
-LOCAL_MODULE_CLASS := ETC
-LOCAL_MODULE_STEM := update-payload-key.pub.pem
-LOCAL_MODULE_PATH := $(TARGET_RECOVERY_ROOT_OUT)/system/etc/update_engine
-include $(BUILD_SYSTEM)/base_rules.mk
-$(LOCAL_BUILT_MODULE): $(DEFAULT_SYSTEM_DEV_CERTIFICATE).x509.pem
-	openssl x509 -pubkey -noout -in $< > $@
diff --git a/tools/releasetools/sign_target_files_apks.py b/tools/releasetools/sign_target_files_apks.py
index 0ef698e70..0f4f1daec 100755
--- a/tools/releasetools/sign_target_files_apks.py
+++ b/tools/releasetools/sign_target_files_apks.py
@@ -557,14 +557,13 @@ def ProcessTargetFiles(input_tf_zip, output_tf_zip, misc_info,
       OPTIONS.rebuild_recovery = True
 
     # Don't copy OTA certs if we're replacing them.
+    # Replacement of update-payload-key.pub.pem was removed in b/116660991.
     elif (
         OPTIONS.replace_ota_keys and
         filename in (
             "BOOT/RAMDISK/system/etc/security/otacerts.zip",
-            "BOOT/RAMDISK/system/etc/update_engine/update-payload-key.pub.pem",
             "RECOVERY/RAMDISK/system/etc/security/otacerts.zip",
-            "SYSTEM/etc/security/otacerts.zip",
-            "SYSTEM/etc/update_engine/update-payload-key.pub.pem")):
+            "SYSTEM/etc/security/otacerts.zip")):
       pass
 
     # Skip META/misc_info.txt since we will write back the new values later.
@@ -832,24 +831,6 @@ def ReplaceOtaKeys(input_tf_zip, output_tf_zip, misc_info):
   # We DO NOT include the extra_recovery_keys (if any) here.
   WriteOtacerts(output_tf_zip, "SYSTEM/etc/security/otacerts.zip", mapped_keys)
 
-  # For A/B devices, update the payload verification key.
-  if misc_info.get("ab_update") == "true":
-    # Unlike otacerts.zip that may contain multiple keys, we can only specify
-    # ONE payload verification key.
-    if len(mapped_keys) > 1:
-      print("\n  WARNING: Found more than one OTA keys; Using the first one"
-            " as payload verification key.\n\n")
-
-    print("Using %s for payload verification." % (mapped_keys[0],))
-    pubkey = common.ExtractPublicKey(mapped_keys[0])
-    common.ZipWriteStr(
-        output_tf_zip,
-        "SYSTEM/etc/update_engine/update-payload-key.pub.pem",
-        pubkey)
-    common.ZipWriteStr(
-        output_tf_zip,
-        "BOOT/RAMDISK/system/etc/update_engine/update-payload-key.pub.pem",
-        pubkey)
 
 
 def ReplaceVerityPublicKey(output_zip, filename, key_path):