by archivator 4733 days ago
The thing that makes this dangerous is the "system" certificate for core apps. If you hijack traffic to any update to such an app (and OEMs have a ton of such apps), you can inject code before it's installed under "system" and that's that.

No, you can't actually go poking into other apps' APKs, but how many people would press "update" if they see the package manager's "Installing Gallery update, no permissions required" dialog?