If an Android OEM ever lost their system app signing key, it would be really, really bad. If a third-party developer ever lost their signing key, it would be bad.
While downloaded apps have a strict set of permissions and controls, bundled-in Android system apps have access to much more powerful and invasive permissions and aren't subject to the usual Play Store limitations (this is why Facebook always pays to be a bundled app). On Android, the app-updating process isn't just for apps downloaded from an app store, you can also update bundled-in system apps made by Google, your device manufacturer, and any other bundled apps. If a developer's signing key got leaked, anyone could distribute malicious app updates and Android would happily install them, thinking they are legit. The matching keys ensure the update actually comes from the company that originally made your app and isn't some malicious hijacking plot. Any time Android updates an app, the signing key of the old app on your phone needs to match the key of the update you're installing. A developer's cryptographic signing key is one of the major linchpins of Android security.
0 kommentar(er)
