On Tue, Jul 9, 2013 at 7:39 PM, Pau Oliva Fora <p...@eslack.org> wrote: > On 07/09/2013 11:15 PM, Jeffrey Walton wrote: >> On Mon, Jul 8, 2013 at 4:06 AM, Pau Oliva Fora <p...@eslack.org> wrote: >>>... >> (1) Does this work reliable using `adb -r install` (I have had a lot >> of trouble in the past with '-r'); or does the adbersary need elevated >> privileges? > > just make sure to increase the 'android:versionCode' in the manifest > file, it installs without problem using -r: > > pau@maco:/tmp$ adb install file.apk > 656 KB/s (25886 bytes in 0.038s) > pkg: /data/local/tmp/file.apk > Success > pau@maco:/tmp$ adb install -r evil-file.apk > 1632 KB/s (64844 bytes in 0.038s) > pkg: /data/local/tmp/evil-file.apk > Success > pau@maco:/tmp$ It just occurred to me: this is another bug or violation of semantic authentication. The system is making a decision with security implications on non-authenticated data. The adversary should not be able to tamper with the version code and trick the system into installing downlevel, tampered or defective versions of software.
Jeff -- You received this message because you are subscribed to the Google Groups "Android Security Discussions" group. To unsubscribe from this group and stop receiving emails from it, send an email to android-security-discuss+unsubscr...@googlegroups.com. To post to this group, send email to android-security-discuss@googlegroups.com. Visit this group at http://groups.google.com/group/android-security-discuss. For more options, visit https://groups.google.com/groups/opt_out.
