Hi all, I am going to implement Certificates pinning in JB 4.2. For that I am broadcasting the intent *android.intent.action.UPDATE_PINS*so that the CertPinInstallReceiver.java will create and write the data into* *the file */data/misc/keychain/pins.
*My question where will be the security .If i pin the certificates by using above concept after some time some other malicious app will have the ability to overwrite with some fake pins or overwrite with it's specific pins so that what ever i have pinned are lost. Please clarify my question related to security. Thanks , DMSR -- You received this message because you are subscribed to the Google Groups "Android Security Discussions" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at http://groups.google.com/group/android-security-discuss. For more options, visit https://groups.google.com/groups/opt_out.
