This should work because you won't have signed with the right key, unless you are building your own system image.
frameworks/base/core/res/AndroidManifest.xml declare the receiver for UPDATE_PINS which is handled by frameworks/base/services/java/com/android/server/updates/CertPinInstallReceiver.java which subclasses frameworks/base/services/java/com/android/server/updates/ConfigUpdateInstallReceiver.java which performs verification. -bri On Thu, Jun 13, 2013 at 5:34 AM, DMSR <[email protected]> wrote: > > Hi all, > > I am going to implement Certificates pinning in JB 4.2. > For that I am broadcasting the intent android.intent.action.UPDATE_PINS so > that the CertPinInstallReceiver.java will create and write the > data into the file /data/misc/keychain/pins. > > My question where will be the security .If i pin the certificates by using > above concept after some time some other malicious app will have the ability > to overwrite with some fake pins or overwrite with it's specific pins so > that what ever i have pinned are lost. > > Please clarify my question related to security. > > Thanks , > DMSR > > -- > You received this message because you are subscribed to the Google Groups > "Android Security Discussions" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > To post to this group, send email to > [email protected]. > Visit this group at http://groups.google.com/group/android-security-discuss. > For more options, visit https://groups.google.com/groups/opt_out. > > -- You received this message because you are subscribed to the Google Groups "Android Security Discussions" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at http://groups.google.com/group/android-security-discuss. For more options, visit https://groups.google.com/groups/opt_out.
