Hi,

Running the emulator from SDK version android-sdk-windows-1.1_r1, I have extracted using ADB all packages located under system/app/*.apk and system/framework/framework-res.apk. Then, using

jarsigner -verify -verbose -certs *.apk

one can view the certificates used to sign these various packages. They are all signed with the same certificate parameters:

X.509, [email protected], CN=Android, OU=Android, O=Android, L=Mountain View, ST=California, C=US

Does it mean they are really signed with the same key? How could I verify that? They appear to be signed by Android (Google). I guess that if I rebuild the Android image for the emulator, it will always be the same private key used? If yes, this means that this private key should only be used for development purposes. For a commercial product, I guess the OEM shall sign these packages with its own secret private key?

Then, I have extracted the permissions of each package using

aapt d permissions *.apk

I compared them to the declared permissions provided by "Frameworks\base\core\res\AndroidManifest.xml", corresponding to framework-res.apk (the Android protected API). None of the framework permissions protected by "signature" or "signatureOrSystem" are used by any of these application packages. Why? All the ones used by application packages are basically either normal or dangerous.

All these system applications are already installed by the OEM, so the OEM will already authorize these permissions on behalf of the end-user. However, for any new application installed by the end-user, it seems that a lot of security responsibility is placed on the end-user's shoulders? Isn't it due to the central design choice of not having a CA to control capability approval of the applications? I mean, not having a CA and an application/capability approval process, but letting every application developer sign their application without any approval.

Indeed, if most of the declared framework APIs were protected by signature, it would force every application developer to get their application signed with the same key (used to sign the framework packages). In this case, it would be the OEM key or a common Google secret private key. So, we would end up with a kind of CA (OEM or Google). Correct?

Guillaume
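The permission comparison described in the post, as an added example (not part of the original message): it parses the android:protectionLevel declarations from a framework manifest excerpt and the uses-permission lines from `aapt d permissions` output, both constructed here, and reports which packages request signature or signatureOrSystem permissions (the ones that only work for APKs signed with the framework key). The two `aapt` line shapes handled are assumed from the old and newer tool output.

```python
import re
# Constructed excerpt shaped like frameworks/base/core/res/AndroidManifest.xml (levels illustrative).
FRAMEWORK_MANIFEST = """
<permission android:name="android.permission.INTERNET" android:protectionLevel="dangerous" />
<permission android:name="android.permission.VIBRATE" />
<permission android:name="android.permission.INSTALL_PACKAGES" android:protectionLevel="signatureOrSystem" />
<permission android:name="android.permission.BRICK" android:protectionLevel="signature" />
"""
# Constructed `aapt d permissions` output, in both the old "uses-permission: X" and newer name='X' shapes.
AAPT_DUMP = """
package: com.example.browser
uses-permission: android.permission.INTERNET
uses-permission: android.permission.VIBRATE
package: com.example.updater
uses-permission: name='android.permission.INSTALL_PACKAGES'
uses-permission: name='com.example.CUSTOM'
"""
ELEM_RE = re.compile(r"<permission\s+([^>]*)>")  # \s+ keeps <permission-group> elements out
ATTR_RE = re.compile(r'android:(name|protectionLevel)="([^"]+)"')
PKG_RE = re.compile(r"package:\s*(\S+)")
USES_RE = re.compile(r"uses-permission:\s*(?:name=')?([\w.]+)'?")

def parse_protection_levels(manifest_xml):
    """Permission name -> protectionLevel; Android treats a missing level as 'normal'."""
    attrs = [dict(ATTR_RE.findall(a)) for a in ELEM_RE.findall(manifest_xml)]
    return {a["name"]: a.get("protectionLevel", "normal") for a in attrs if "name" in a}

def parse_aapt_dump(text):
    """Package name -> requested permissions, in dump order."""
    pkgs, current = {}, None
    for line in text.splitlines():
        if m := PKG_RE.match(line):
            current = m.group(1); pkgs[current] = []
        elif (m := USES_RE.match(line)) and current:
            pkgs[current].append(m.group(1))
    return pkgs

def classify(pkgs, levels):
    """Per package, group permissions by level; names the framework never declares -> 'undeclared'."""
    report = {}
    for pkg, perms in pkgs.items():
        by_level = {}
        for p in perms:
            by_level.setdefault(levels.get(p, "undeclared"), []).append(p)
        report[pkg] = by_level
    return report

def signature_protected(report):
    """Packages using a signature/signatureOrSystem permission (needs the framework-res.apk key)."""
    return sorted(p for p, lv in report.items() if any(k.startswith("signature") for k in lv))
```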
