I was reading this <http://null-byte.wonderhowto.com/how-to/make-your-malicious-android-app-be-more-convincing-0163730/> article, and was wondering how such a simple procedure can be effective? I guess the real issue is that the app certificate can not be mapped to an individual. The current process, as I understand it, is that the device validates the hash to be the result of hashing the enclosed app. There is no way of validating the identity of the person who created the app. The other item was that if any developer posts such an app on Google app store, their account would be revoked upon knowledge of app being malicious right? So what would prevent a developer from creating fake accounts? I know I have to read the security section source.android.com. I would sure appreciate any further explanation of what is at the heart of a successful breach such as this.
-- You received this message because you are subscribed to the Google Groups "Android Security Discussions" group. To unsubscribe from this group and stop receiving emails from it, send an email to android-security-discuss+unsubscr...@googlegroups.com. To post to this group, send email to android-security-discuss@googlegroups.com. Visit this group at http://groups.google.com/group/android-security-discuss. For more options, visit https://groups.google.com/d/optout.
