|
|
|
|
|
|
by GeekyBear
1287 days ago
|
|
|
> A bug on Webview would be fixed with an app update TFA isn't about web browsers. It's about the security keys for multiple vendors leaking to the public. >Ćukasz Siewierski, a member of Google's Android Security Team, has a post on the Android Partner Vulnerability Initiative (AVPI) issue tracker detailing leaked platform certificate keys that are actively being used to sign malware. The post is just a list of the keys, but running each one through APKMirror or Google's VirusTotal site will put names to some of the compromised keys: Samsung, LG, and Mediatek are the heavy hitters on the list of leaked keys, along with some smaller OEMs like Revoview and Szroco, which makes Walmart's Onn tablets. These companies somehow had their signing keys leaked to outsiders, and now you can't trust that apps that claim to be from these companies are really from them. To make matters worse, the "platform certificate keys" that they lost have some serious permissions. https://arstechnica.com/gadgets/2022/12/samsungs-android-app... Are you claiming that the Play Store will push an update to fix this issue on unsupported devices? |
|
|