[kuschku]

Android? Security? Are you joking? In the past weeks, several independent exploit chains from "App with no permissions" to "Bootloader takeover" have been published.

Completely working on all versions except for Marshmallow, unpatchable on the older devices due to Android’s update model.

It doesn’t matter what code you sign when literally any app could be a rootkit.

Edit: Some of the chains are from the author of this post: https://www.reddit.com/r/netsec/comments/42fxtg/android_medi...

[letitleak]

I'd not heard from no permissions, but as with a website, I still prefer things with my signature correspond to things from me and are nice even if the rest is a cesspool. Given these problems, I would seriously hope that the ~8 app makers I trust feel the same way.