On Wed, Jul 10, 2013 at 9:36 PM, Jeffrey Walton <noloa...@gmail.com> wrote:
> On Tue, Jul 9, 2013 at 7:39 PM, Pau Oliva Fora <p...@eslack.org> wrote:
>> On 07/09/2013 11:15 PM, Jeffrey Walton wrote:
>>> On Mon, Jul 8, 2013 at 4:06 AM, Pau Oliva Fora <p...@eslack.org> wrote:
>>>>...
>>> (1) Does this work reliably using `adb -r install` (I have had a lot
>>> of trouble in the past with '-r'); or does the adversary need elevated
>>> privileges?
>>
>> just make sure to increase the 'android:versionCode' in the manifest
>> file, it installs without problem using -r:
>>
>> pau@maco:/tmp$ adb install file.apk
>> 656 KB/s (25886 bytes in 0.038s)
>>         pkg: /data/local/tmp/file.apk
>> Success
>> pau@maco:/tmp$ adb install -r evil-file.apk
>> 1632 KB/s (64844 bytes in 0.038s)
>>         pkg: /data/local/tmp/evil-file.apk
>> Success
>> pau@maco:/tmp$
> It just occurred to me: this is another bug or violation of semantic
> authentication. The system is making a decision with security
> implications on non-authenticated data. The adversary should not be
> able to tamper with the version code and trick the system into
> installing downlevel, tampered or defective versions of software.
This will likely require a re-sign of AndroidManifest.

However, I'm not clear how the system works with multiple signatures -
for example, one signer signs the AndroidManifest, while another signs
classes.dex or another resource. That is, are the signers mixed and
matched, with the system being happy as long as there is an appropriate
{rsa|dsa}.sf?

Jeff
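
As an added example (not from this thread and not Android's own code): a minimal JAR-style (APK v1) signature checker that reproduces the two decisions discussed above. First, AndroidManifest.xml is an ordinary zip entry digested in META-INF/MANIFEST.MF, so bumping android:versionCode without re-signing fails the digest check. Second, every entry must be vouched for by the same set of .SF signers, so one signer covering AndroidManifest.xml and another covering classes.dex is rejected as inconsistent, while two signers that both cover everything are accepted. The APK contents, the signer names and the build_apk/verify_apk helpers are constructed for this example; verification of the PKCS#7 block (CERT.RSA) over the .SF file is deliberately left out.

```python
"""Constructed example: JAR-style (APK v1) signature checks. Not Android's code."""
import base64
import hashlib
import io
import zipfile

SEP = b"\r\n\r\n"  # a MANIFEST.MF / .SF section ends with a blank line


def b64sha1(data: bytes) -> str:
    return base64.b64encode(hashlib.sha1(data).digest()).decode()


def split_sections(data: bytes):
    """Split MANIFEST.MF/.SF bytes into (raw_section_bytes, attrs) pairs."""
    out = []
    for chunk in data.split(SEP):
        if chunk:
            attrs = dict(line.partition(": ")[::2] for line in chunk.decode().split("\r\n"))
            out.append((chunk + SEP, attrs))
    return out


def build_manifest(files: dict) -> bytes:
    head = b"Manifest-Version: 1.0\r\nCreated-By: example\r\n\r\n"
    return head + b"".join(
        f"Name: {n}\r\nSHA1-Digest: {b64sha1(c)}\r\n\r\n".encode() for n, c in files.items())


def build_sf(manifest: bytes, covered: set) -> bytes:
    """One .SF per signer; it vouches only for the manifest sections named in `covered`."""
    sf = f"Signature-Version: 1.0\r\nSHA1-Digest-Manifest: {b64sha1(manifest)}\r\n\r\n"
    for raw, attrs in split_sections(manifest)[1:]:
        if attrs["Name"] in covered:
            sf += f"Name: {attrs['Name']}\r\nSHA1-Digest: {b64sha1(raw)}\r\n\r\n"
    return sf.encode()


def build_apk(files: dict, signers: dict) -> bytes:
    """signers maps a signer name to the set of entries its .SF covers.
    The PKCS#7 block (CERT.RSA) is omitted; the example stops at the .SF layer."""
    manifest = build_manifest(files)
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        for n, c in files.items():
            z.writestr(n, c)
        z.writestr("META-INF/MANIFEST.MF", manifest)
        for name, covered in signers.items():
            z.writestr(f"META-INF/{name}.SF", build_sf(manifest, covered))
    return buf.getvalue()


def replace_entry(apk: bytes, name: str, data: bytes) -> bytes:
    """Tamper with one zip entry while leaving META-INF untouched (no re-sign)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(io.BytesIO(apk)) as src, zipfile.ZipFile(buf, "w") as dst:
        for n in src.namelist():
            dst.writestr(n, data if n == name else src.read(n))
    return buf.getvalue()


def verify_apk(apk: bytes):
    """Return (ok, reason). Every non-META-INF entry must be digested in MANIFEST.MF,
    every .SF must match the manifest, and all entries must share one signer set."""
    with zipfile.ZipFile(io.BytesIO(apk)) as z:
        contents = {n: z.read(n) for n in z.namelist()}
    manifest = contents.get("META-INF/MANIFEST.MF")
    if manifest is None:
        return False, "no MANIFEST.MF"
    mf_by_name = {a["Name"]: (raw, a) for raw, a in split_sections(manifest)[1:]}
    entries = [n for n in contents if not n.startswith("META-INF/")]
    for n in entries:  # AndroidManifest.xml is an ordinary entry: its digest is checked too
        if n not in mf_by_name:
            return False, f"{n} not in manifest"
        if mf_by_name[n][1].get("SHA1-Digest") != b64sha1(contents[n]):
            return False, f"digest mismatch for {n}"
    sf_names = [n for n in contents if n.startswith("META-INF/") and n.endswith(".SF")]
    if not sf_names:
        return False, "unsigned"
    signers_of = {n: set() for n in entries}
    for sf in sf_names:
        head, *rest = split_sections(contents[sf])
        if head[1].get("SHA1-Digest-Manifest") != b64sha1(manifest):
            return False, f"{sf}: manifest digest mismatch"
        for raw, a in rest:
            mf_raw = mf_by_name.get(a.get("Name"), (None,))[0]
            if mf_raw is None or a.get("SHA1-Digest") != b64sha1(mf_raw):
                return False, f"{sf}: section digest mismatch for {a.get('Name')}"
            signers_of[a["Name"]].add(sf)
    if len({frozenset(s) for s in signers_of.values()}) != 1 or not all(signers_of.values()):
        return False, f"inconsistent signers: {signers_of}"
    return True, "ok"


FILES = {  # constructed stand-ins for real APK contents
    "AndroidManifest.xml": b'<manifest android:versionCode="1"/>',
    "classes.dex": b"dex\n035\x00constructed-dex-bytes",
}


def demo_version_bump_without_resign():
    """Bump versionCode in AndroidManifest.xml but keep the old META-INF."""
    apk = build_apk(FILES, {"CERT": set(FILES)})
    bumped = replace_entry(apk, "AndroidManifest.xml", b'<manifest android:versionCode="2"/>')
    return verify_apk(bumped)  # (False, 'digest mismatch for AndroidManifest.xml')


def demo_mixed_signers():
    """Two signers each vouching for a different entry: rejected as inconsistent."""
    return verify_apk(build_apk(FILES, {"CERT": {"AndroidManifest.xml"}, "OTHER": {"classes.dex"}}))
```

The signer-set rule is the part that answers the mix-and-match question: a verifier that only asks "is there some .SF/.RSA pair" would accept a package where an attacker's key vouches for classes.dex alone. Android's package parser applies the same kind of rule, rejecting a package whose entries carry different certificate sets (INSTALL_PARSE_FAILED_INCONSISTENT_CERTIFICATES) and refusing an update whose signing certificates differ from the installed package's (INSTALL_FAILED_UPDATE_INCOMPATIBLE); a versionCode change therefore requires re-signing with the original key, not just a re-sign.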

-- 
You received this message because you are subscribed to the Google Groups 
"Android Security Discussions" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to android-security-discuss+unsubscr...@googlegroups.com.
To post to this group, send email to android-security-discuss@googlegroups.com.
Visit this group at http://groups.google.com/group/android-security-discuss.
For more options, visit https://groups.google.com/groups/opt_out.