Mobile People News

Samsung, LG, Mediatek certificates compromised to sign Android malware

by Michael SzczepanikDecember 5, 2022December 5, 2022

Multiple platform certificates used by Android OEM device vendors to digitally sign core system applications have also been used to sign Android apps containing malware.

The biggest problem here is the fact that, are signed with the same platform certificate and assigned the highly privileged 'android.uid.system' user id, these apps will also gain system-level access to the Android device. Which mean that they can check and do much more than standard apps.

https://arstechnica.com/gadgets/2022/12/samsungs-android-app-signing-key-has-leaked-is-being-used-to-sign-malware/

List of hashes: https://bugs.chromium.org/p/apvi/issues/detail?id=100

Android

Important Malware Security

Google Play’s requirements for COVID-19 apps

by Michael SzczepanikJanuary 7, 2022January 7, 2022

Google just updated Help Center to clarify that all apps handling COVID-19 status data need to complete the "COVID-19 contact tracing and status apps". Also, guidance for developers who no longer wish to publish a contact tracing or status app was added.

Android Updates

Important Policy