Mobile phones are mostly toys, and as such don't require solid security. Until you use them to check you bank account that is. I doubt they'd ignore that. The signing processes is likely only to have it be swallowed by whatever 'secure execution' mechanism might be in place. I could be wrong and they just figured the risks were negligible. They usually are, terms of service usually include extensive non-liability.
Lewis 2011/9/20 Peter Gutmann <[email protected]> > Marsh Ray <[email protected]> writes: > > >Those are the Cyanogen guys. Android modders. > > The same people who used a "publicly available private key" to sign their > code. Which, being publicly available to anyone, was promptly used by > malware > authors to sign *their* code. > > Reading through some of the Cyanogen threads, I get the impression they see > security as a nuisance to be bypassed rather than a real requirement. > > Peter. > _______________________________________________ > cryptography mailing list > [email protected] > http://lists.randombit.net/mailman/listinfo/cryptography >
_______________________________________________ cryptography mailing list [email protected] http://lists.randombit.net/mailman/listinfo/cryptography
