by letitleak
3781 days ago
Sorry to go OT[1], but is there a link to their general (encryption/integrity) policies? I was shocked they are sometimes delivering Android Studio via HTTP and providing only SHA-1 sums. If your IDE is compromised, then who knows what code you might be signing...

[1] (Well, I considered it a related matter, as I have trouble telling what Google's actual policies are and whether my attempts at feedback will be filtered by a group in some kind of crunch as described or by someone who will be neutrally considering actual policies.)

Completely working on all versions except for Marshmallow, unpatchable on the older devices due to Android’s update model.
It doesn’t matter what code you sign when literally any app could be a rootkit.
Edit: Some of the chains are from the author of this post: https://www.reddit.com/r/netsec/comments/42fxtg/android_medi...