Mac Developer: BBC News - Android Fake ID bug exposes smartphones and tablets
BBC News - Android Fake ID bug exposes smartphones and tablets
BlueBox Labs said it was particularly concerning as phone and tablet owners did not need to grant the malware special permissions for it to act.
If this is true, then essentially Android devices do not have codesigning protection. Sounds like any app can use a self-signed certificate chain to spoof the identifier of a well-known manufacturer. I guess the good news is they are fixing the bug.
Labels: android, certificate, certificate authority, codesign, codesigning