1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

News Android 'master key' discovery raises security risk

Discussion in 'Article Discussion' started by Gareth Halfacree, 4 Jul 2013.

  1. David

    David μoʍ ɼouმ qᴉq λon ƨbԍuq ϝʁλᴉuმ ϝo ʁԍɑq ϝμᴉƨ

    Joined:
    7 Apr 2009
    Posts:
    17,419
    Likes Received:
    5,790
    I would argue it's a little naive to assume that there aren't any employees at genuine publishing houses with ties to people who have access to this code. So, to suggest the only people at risk are Ne'er-do-wells themselves is dismissive and a dangerous idea to propogate.
     
  2. faugusztin

    faugusztin I *am* the guy with two left hands

    Joined:
    11 Aug 2008
    Posts:
    6,953
    Likes Received:
    270
    You need an inside man for that - and unless that inside man is an idiot willing to sit few years in jail for that, then it is not going to happen. I simply don't see this happening in Play Store (especially when Google knows about it for a while and probably implemented a check for this in the upload procedure (they are checking your APK files for malware, trojans already). So while it is possible that a client side fix is not yet distributed, server side fix could be already live for weeks or months. This is in my opinion confirmed by the fact that they will publish "proof of concept" at the end of this month (as that is the next big security conference), so the description of the attack is "safe to publish" as it is "fixed".

    So yes, in my opinion the only danger is when you are installing from "other sources".
     
  3. Snips

    Snips I can do dat, giz a job

    Joined:
    14 Sep 2010
    Posts:
    1,940
    Likes Received:
    66
    By the sound of things and from what I've seen, Google Play has so many filler apps that they have no idea what's being made available to the everyday user. That's the price for it being too open I suppose.
     

Share This Page