Android's code signing can be bypassed

Posted by bob on Jul 5, 2013 8:10 AM EDT
The H Open
Mail this story
Print this story

Android applications carry a signature that is designed to ensure APK package integrity. During installation, the operating system will use the signature to validate the package contents, and an alert will be issued if a manipulation is detected. US firm Bluebox, which was only founded in mid-2012, claims to have discovered a bug in this approach that allows arbitrary code to be injected into APK files without invalidating the signature.

Full Story

» Read more about: Story Type: News Story, Security; Groups: Android

« Return to the newswire homepage

This topic does not have any threads posted yet!

You cannot post until you login.