by bellyfullofbac
1870 days ago
I don't want to defend Google here, but in theory, since Google controls the OS, it can also make it lie to you. So you tell the OS to "show me this app's signature", and the OS can just lie and show you the expected signature. You want to copy the app to an SD card so you can check it on your Linux PC? The OS can copy the "legal" app. Also yeah, it seems code signing won't affect anything if the OS wants to be malicious. "Super Secret Messaging App" asks the OS to load encrypt.so, its custom encryption library, and the OS can deliver a no-op library and say "Here it is!". If the app wants to check the file's hash, the OS can intercept the hash method's return value and change it to the expected one...
Google controls Android, but it does not control every other OS and every piece of hardware.
If someone downloads an apk with their own custom Google Play client, running on their own computer, they can check whether it was tampered with. In the past a tampered apk from Google servers would have been signed by the wrong key (because the proper key is controlled by the developer), pointing to Google as the culprit. Now it will be signed by the "developer's" key (shared with Google), creating plausible deniability for Google and US intelligence services.
> "Super Secret Messaging App" asks the OS to load encrypt.so, its custom encryption library, and the OS can deliver a no-op library and say "Here it is!". The app wants to check the file's hash, the OS can intercept the hash method's return value
This sounds extremely labor-intensive. Who will write all those no-op libraries? Who will pay for it?
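The offline check the reply describes, as an added example that is not either commenter's code: the signer certificate fingerprint that `apksigner verify --print-certs` reports for a downloaded APK (the tool, from the Android SDK build-tools, is assumed to be on PATH) is compared with a fingerprint the developer published out-of-band; the sample tool output and the pinned value below are constructed. As the reply notes, a mismatch points at the distributor only while the pinned key is one the distributor does not also hold.

```python
import re
import shutil
import subprocess

# Per-signer digest line as printed by `apksigner verify --print-certs`.
_DIGEST_RE = re.compile(
    r"^Signer #\d+ certificate SHA-256 digest: ([0-9a-fA-F]{64})\s*$", re.MULTILINE
)

# Constructed sample of apksigner output; the fingerprint values are made up.
SAMPLE_OUTPUT = """\
Signer #1 certificate DN: CN=Example Developer, O=Example, C=US
Signer #1 certificate SHA-256 digest: 0f1e2d3c4b5a69788796a5b4c3d2e1f00f1e2d3c4b5a69788796a5b4c3d2e1f0
Signer #1 certificate SHA-1 digest: 0123456789abcdef0123456789abcdef01234567
Signer #1 certificate MD5 digest: 0123456789abcdef0123456789abcdef
"""

# Fingerprint the developer published out-of-band (constructed value).
PINNED_DEVELOPER_SHA256 = "0f1e2d3c4b5a69788796a5b4c3d2e1f00f1e2d3c4b5a69788796a5b4c3d2e1f0"


def signer_digests(apksigner_output: str) -> list[str]:
    """Lower-case SHA-256 certificate digest of every signer, in printed order."""
    return [m.group(1).lower() for m in _DIGEST_RE.finditer(apksigner_output)]


def matches_pinned(apksigner_output: str, pinned_sha256: str) -> bool:
    """True only if there is at least one signer and every signer cert equals the pin.

    Demanding that *all* signers match keeps an extra signer added by whoever served
    the file from passing unnoticed.
    """
    digests = signer_digests(apksigner_output)
    return bool(digests) and all(d == pinned_sha256.lower() for d in digests)


def check_apk(apk_path: str, pinned_sha256: str) -> bool:
    """Verify a downloaded APK with apksigner (assumed on PATH) against the pin.

    A non-zero exit means the signature itself did not verify, so the answer is False
    before any fingerprint comparison happens.
    """
    if shutil.which("apksigner") is None:
        raise RuntimeError("apksigner (Android SDK build-tools) not found on PATH")
    proc = subprocess.run(
        ["apksigner", "verify", "--print-certs", apk_path],
        capture_output=True, text=True,
    )
    return proc.returncode == 0 and matches_pinned(proc.stdout, pinned_sha256)
```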