Published 1 year ago

Samsung’s Android app-signing key has leaked, is being used to sign malware

Summary by Ground News

Android's app-updating process isn't just for apps downloaded from an app store. You can also update bundled-in system apps made by Google, your device manufacturer, and any other bundled apps. If a developer's signing key got leaked, anyone could distribute malicious app updates and Android would happily install them, thinking they are legit.

0 Articles

All

Left

Center

Right

Ars Technica

Samsung’s Android app-signing key has leaked, is being used to sign malware

The cryptographic key proves an update is legit, assuming your OEM doesn't lose it.

1 year ago·United States

Read Full Article

GIGAZINE

It was revealed that app signature keys were leaked from Android OEMs such as Samsung and LG and used to sign malware

Google Play, the official app store for Android, ensures that the apps and updates distributed are secure by using Play App Signatures. This application signature key should originally be kept private, but a large number of application signature keys used by OEM manufacturers of Android devices have been leaked, and it has become clear that they were used to sign malware.

1 year ago

Read Full Article

Think freely.Subscribe and get full access to Ground NewsSubscriptions start at $9.99/year

Stories disproportionately reported by the Left or the Right

Ground News Article Assistant

Not enough coverage to generate an Article Assistant.