Mishaal Rahman (@MishaalRahman@androiddev.social)
Folks, this is bad news. Very, very bad. Hackers and/or malicious insiders have leaked the platform certificates of several vendors. These are used to sign system apps on Android builds, including the "android" app itself. These certs are being used to sign malicious Android apps!
100 - apvi - Android Partner Vulnerability Initiative - Monorail
bugs.chromium.org
https://androiddev.social/@MishaalRahman/109440552872028377
Hector Martin (@marcan@treehouse.systems)
Soooo Samsung does not use HSMs to secure their platform signing keys. Are Apple and Google the *only* vendors with half a clue how to securely build and deploy software for major, mainstream consumer devices? If we don't already have laws we can use to fine major device OEMs who fail...
social.treehouse.systems