LXer: Android's code signing can be bypassed
Published at LXer:
Android applications carry a signature that is designed to ensure APK package integrity. During installation, the operating system will use the signature to validate the package contents, and an alert will be issued if a manipulation is detected. US firm Bluebox, which was only founded in mid-2012, claims to have discovered a bug in this approach that allows arbitrary code to be injected into APK files without invalidating the signature. Read More... |
All times are GMT -5. The time now is 05:38 PM. |