News Site

Android OEM key leak means sideloaded “updates” could be hiding serious malware

A crucial aspect of Android smartphone security is the application signing process. It’s essentially a way to guarantee that any app updates are coming from the original developer, as the key used to sign applications should always be kept private. A number of these platform certificates from the likes of Samsung, MediaTek, LG, and Revoview appear to have leaked, and worse still, been used to sign malware. This was disclosed through the Android Partner Vulnerability Initiative (APVI) and only applies to app updates, not OTAs.

This post has been read 19 times!

Like Love Haha Wow Sad Angry