But is there any enforcement of the signature policy in practice? I don't know if signatures are at any time validated up their chain? You cannot install apps that are not signed, but is there a check for known bad signatures?
And if a developer is blocked by his signature, he can easily generate a new one. I see many apps that have this kind of signature:

    Issuer: C=US, L=, S=, O=Android, OU=, CN=Android Debug, E=
    Subject: C=US, L=, S=, O=Android, OU=, CN=Android Debug, E=

So there are many people that don't even care about the signature...

On Thu, 9 May 2013 19:06:46 -0400, Jeffrey Walton <[email protected]> wrote:
> On Thu, May 9, 2013 at 3:37 PM, Keith Makan <[email protected]> wrote:
>> At the moment I'm writing a bunch of white papers on android security.
>> As a result I've been trying to hunt down some academic style papers on
>> Android's Application Signing mechanism,
>> I have some high level understanding of how things work---you know the
>> whole .jar signing, public key, cryptographic hash story---but I
>> need a good set of academic papers on the subject to reference.
> Well, one of the earliest papers that I know on Semantic
> Authentication is by Wagner and Schneier. "Analysis of the SSL 3.0
> protocol," www.schneier.com/paper-ssl.pdf, 1996.
>
> Semantic Authentication (a.k.a the Horton Principle from 'Horton Hears
> a Who') states to authenticate what was meant, and not what was said.
> In the case of SSL encryption, that means one should authenticate both
> the plaintext and padding (what was meant); and not just the plain
> text (what was said). Padding oracles FTW?
>
> In the case of Android code signing, it would be APK + Alignment (what
> was meant), and not select pieces of the components of an APK (what
> was said). As a practical example of the issue, consider a signature
> based scanner. Because the bad guy can arbitrarily change alignment,
> he/she can produce different thumbprints for the same APK. So an APK
> with align=4 may trigger the tripwire, but align=8 would pass
> unmolested.
>
> Nikolay Elenkov just wrote an *excellent* blog entry on Android Code
> Signing. See
> http://nelenkov.blogspot.com/2013/05/code-signing-in-androids-security-model.html.
>
> For the academic treatments, Google is your friend:
> http://scholar.google.com/scholar?q=android+code+signing.
>
> Jeff
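
An added example, not part of the original messages: the scanner problem described in the quoted reply, seen from the defender's side. It assumes alignment is modelled as padding in the local-header extra field; the helper names, the extra-field ID and the sample entries are constructed for illustration.

```python
import hashlib
import io
import struct
import zipfile

# Constructed sample entries standing in for an APK's contents.
ENTRIES = [
    ("AndroidManifest.xml", b"<manifest/>"),
    ("classes.dex", b"dex\n035\x00constructed sample"),
    ("res/raw/a.bin", b"\x01\x02\x03"),
]

def build_archive(entries, pad):
    """Build a stored ZIP whose entries carry `pad` bytes of extra-field
    padding, which shifts data offsets the way an alignment change does."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_STORED) as zf:
        for name, data in entries:
            zi = zipfile.ZipInfo(name, date_time=(2013, 5, 9, 0, 0, 0))
            # Well-formed extra block: made-up ID 0xCAFE, `pad` zero bytes.
            zi.extra = struct.pack("<HH", 0xCAFE, pad) + bytes(pad)
            zf.writestr(zi, data)
    return buf.getvalue()

def file_thumbprint(blob):
    """Whole-file hash: what a naive signature-based scanner indexes on."""
    return hashlib.sha256(blob).hexdigest()

def content_fingerprint(blob):
    """Hash of sorted (name, uncompressed data) pairs, length-prefixed so
    entry boundaries are unambiguous. Padding and offsets do not enter it."""
    h = hashlib.sha256()
    with zipfile.ZipFile(io.BytesIO(blob)) as zf:
        for info in sorted(zf.infolist(), key=lambda i: i.filename):
            name = info.filename.encode("utf-8")
            data = zf.read(info)
            h.update(struct.pack("<I", len(name)) + name)
            h.update(struct.pack("<Q", len(data)) + data)
    return h.hexdigest()

if __name__ == "__main__":
    a4, a8 = build_archive(ENTRIES, 4), build_archive(ENTRIES, 8)
    print("file hashes equal:   ", file_thumbprint(a4) == file_thumbprint(a8))
    print("content hashes equal:", content_fingerprint(a4) == content_fingerprint(a8))
```

The content fingerprint is only a scanner index key that survives re-alignment; it does not replace verifying the APK's signature.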
