On Wed, Oct 29, 2008 at 11:05 PM, Randy S. <[EMAIL PROTECTED]> wrote:

> That makes me wonder if an evil app could stomp a legit app by using the
> same package name and a different certificate...
>
If so, we have to start verifying sigs match bundleIds at SlideME and a
whole host of other crap and it would make all OTA apps suspect, anywhere.
Since it's all open anyway, we might as well test some other apps and see if
we can knock them out, or whether this is just something really weird about SAM-like
app upgrades.

> and I wonder (doubt) if the official Market screening process looks out for
> that kind of issue related to appropriate namespacing for package names.
>
Even worse. Everyone is screwed.


> Thanks for the quick responses and digging as far as you can. Will you
> pursue this with a bug submission?
>
Yep, today. I'll need to try out other apps first and see if it's general or
just SAM related.

Thanks,
Shane
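
An added example, not part of the original message and not SlideME's or the Market's code: a sketch of the store-side check discussed above. It pins each package name to the signing certificate first seen for it and flags a new name in a namespace already used by a different signer. The registry class, package names and certificate bytes are assumptions constructed for illustration.

```python
import hashlib

# Constructed stand-ins for DER certificate bytes (not real certificates).
LEGIT_CERT = b"constructed-cert-original-developer"
OTHER_CERT = b"constructed-cert-different-developer"


def fingerprint(cert_der):
    """SHA-256 fingerprint of a signing certificate's bytes."""
    return hashlib.sha256(cert_der).hexdigest()


class PackagePinRegistry:
    """Hypothetical store-side map: package name -> set of signer fingerprints."""

    def __init__(self):
        self._pins = {}

    def _namespace_conflict(self, package, signers):
        # True if a pinned package sharing the first two labels has other signers.
        prefix = ".".join(package.split(".")[:2]) + "."
        return any(name.startswith(prefix) and pinned != signers
                   for name, pinned in self._pins.items())

    def check_upload(self, package, signer_certs):
        if not signer_certs:
            return "reject: unsigned"
        signers = frozenset(fingerprint(c) for c in signer_certs)
        pinned = self._pins.get(package)
        if pinned is None:
            if self._namespace_conflict(package, signers):
                return "review: namespace used by another signer"
            self._pins[package] = signers  # trust on first use
            return "accept: new package pinned"
        if pinned == signers:
            return "accept: update from pinned signer"
        return "reject: package name pinned to a different certificate"


def demo():
    reg = PackagePinRegistry()
    return [
        reg.check_upload("com.example.app", [LEGIT_CERT]),    # first upload
        reg.check_upload("com.example.app", [LEGIT_CERT]),    # normal update
        reg.check_upload("com.example.app", [OTHER_CERT]),    # same name, new cert
        reg.check_upload("com.example.tools", [OTHER_CERT]),  # neighbouring name
        reg.check_upload("com.example.app", []),              # no signature
    ]
```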
