Security News > 2017 > December > Android vulnerability allows attackers to modify apps without affecting their signatures

Among the many Android vulnerabilities patched by Google this December is one that allows attackers to modify apps without affecting their signatures. The danger “Although Android applications are self-signed, signature verification is important when updating Android applications. When the user downloads an update of an application, the Android runtime compares its signature with the signature of the original version. If the signatures match, the Android runtime proceeds to install the update,” Guard Square researchers explained. … More →

News URL

http://feedproxy.google.com/~r/HelpNetSecurity/~3/UiKH9rCNndw/