It should not be related with the default keys. Or it will less harm than the situation right now.
The article of bluebox describe it as "it possible to change an application’s code *without affecting* the cryptographic signature of the application". So, not only platform keys ~ On Saturday, July 6, 2013 10:51:57 PM UTC+8, Jeffrey Walton wrote: > > Hi All, > > Has anyone gotten any details of Android bug 8219321 (master keys) > being discussed in the media? AOSP bugs reporter is not showing any > information (http://code.google.com/p/android/issues/list). > > I'm wondering if the platform builders are using the default keys. > Marko Gargenta discusses the four default keys briefly in > http://www.youtube.com/watch?v=NS46492qyJ8. (Excellent video, btw). > > Are there any controls we can place to mitigate the possible threats > (assuming they are threats)? > > Jeff > -- You received this message because you are subscribed to the Google Groups "Android Security Discussions" group. To unsubscribe from this group and stop receiving emails from it, send an email to android-security-discuss+unsubscr...@googlegroups.com. To post to this group, send email to android-security-discuss@googlegroups.com. Visit this group at http://groups.google.com/group/android-security-discuss. For more options, visit https://groups.google.com/groups/opt_out.
