Bug report filed: http://code.google.com/p/android/issues/detail?id=1127
Shane On Thu, Oct 30, 2008 at 5:59 AM, Shane Isbell <[EMAIL PROTECTED]>wrote: > > > On Wed, Oct 29, 2008 at 11:05 PM, Randy S. <[EMAIL PROTECTED]> wrote: > >> That makes me wonder if an evil app could stomp a legit app by using the >> same package name and a different certificate... >> > If so, we have to start verifying sigs match bundleIds at SlideME and a > whole host of other crap and it would make all OTA apps suspect, anywhere. > Since it's all open anyway, we might as well test some other apps and see if > we can knock them out or is this just something really weird about SAM-like > app upgrades. > >> and I wonder (doubt) if the official Market screening process looks out >> for that kind of issue related to appropriate namespacing for package names. >> > Even worse. Everyone is screwed. > > >> Thanks for the quick responses and digging as far as you can. Will you >> pursue this with a bug submission? >> > Yep, today. I'll need to try out other apps first and see if it's general > or just SAM related. > > Thanks, > Shane > > > > --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Android Discuss" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/android-discuss?hl=en -~----------~----~----~----~------~----~------~--~---
