What CRC32 checksum? Trevor Johns, in a discussion of LVL, offered up CRC32 as a means of helping detect tampering, but that was simply an example. Otherwise, I am coming up with zero references to the use of CRC32 with respect to APKs.
Do you have a pointer to somewhere in the open source code where they are using a CRC32 checksum in this fashion? Thanks! On Fri, Oct 8, 2010 at 7:12 AM, DanH <[email protected]> wrote: > What I mean is that if the bad actor can manipulate the apk bytes > while still maintaining the same checksum, then the whole scheme is > insecure -- there's no point in having it signed. A CRC32 checksum is > easily spoofed -- the apk bytes need to be checksummed with a > cryptographic checksum of some sort. -- Mark Murphy (a Commons Guy) http://commonsware.com | http://github.com/commonsguy http://commonsware.com/blog | http://twitter.com/commonsguy Warescription: Three Android Books, Plus Updates, One Low Price! -- You received this message because you are subscribed to the Google Groups "Android Developers" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/android-developers?hl=en
