Mac Developer: First malware in the wild found exploiting Bluebox's Android app signing flaw
First malware in the wild found exploiting Bluebox's Android app signing flaw: "Earlier this month, the popular Facebook app was caught harvesting users' entire phone books for upload into the social network's vast graph, without notice, and subsequently 'sharing' information with other users 'having some connection to them' on the site. "
They're getting into the American spirit popularized by the NSA! This is an important read because it highlights the reasons that an application bundle needs both external (system verified) and internal (application self-verified) code signatures.
At least, that's my opinion.
Labels: android, facebook, security