[cryptography] How are expired code-signing certs revoked?

Nico Williams nico at cryptonector.com
Wed Dec 7 22:27:56 EST 2011


On Wed, Dec 7, 2011 at 8:12 PM, lodewijk andré de la porte
<lodewijkadlp at gmail.com> wrote:
> I'm afraid "far more effective" just doesn't cut it. Android has "install
> .APK from third party sources" which you'll engage whenever you install an
> APK without using the market, trusted or not. You can just put your malware
> on the market though, they can then pull it back off 'n all but just package
> it in "Sexy asian girls #1283" and the like with different accounts
> every time. You're still in a bit of a sandbox though, can't help that
> (although some do say it's not worth that much).

You misunderstand.  The Android code signing model isn't intended to
protect you from installing malware: it's intended to help Android a)
provide isolation between apps from different sources, b) protect your
apps from untrusted updates.

To protect you from initially installing or running malware requires
something other than code signing.  The most code signing can do to
protect you from initially installing malware is to limit you to
running software from "trusted" sources, but only if you're willing to
let someone else (e.g., Apple) decide who is trusted and who isn't.

Nico
--
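
Added example, not part of the original message and not Android's code: a toy model of the install policy the message describes, where the signer is pinned at first install and only checked afterwards. It assumes the package signature has already been verified against the presented certificate; the class, package names and certificate bytes are constructed for illustration.

```python
import hashlib

class PackageStore:
    """Toy model of the policy in the message above; not Android's code."""

    def __init__(self):
        self.signer = {}   # package name -> pinned signer certificate digest
        self.uid = {}      # package name -> sandbox uid
        self.next_uid = 10000

    def install(self, package, cert, share_with=None):
        # Assumption: the package signature already verified against `cert`.
        digest = hashlib.sha256(cert).hexdigest()
        if package in self.signer:
            # (b) an update must come from the signer pinned at first install
            if self.signer[package] != digest:
                return "rejected: update from a different signer"
            return "updated"
        if share_with is not None:
            # (a) only the same signer may join an existing app's sandbox
            if self.signer.get(share_with) != digest:
                return "rejected: sandbox sharing needs the same signer"
            self.uid[package] = self.uid[share_with]
        else:
            self.uid[package] = self.next_uid
            self.next_uid += 1
        # First install: any signer is accepted and pinned.
        # Nothing here judges whether that signer is trustworthy.
        self.signer[package] = digest
        return "installed"

def demo():
    vendor = b"constructed certificate bytes: vendor"    # sample data
    unknown = b"constructed certificate bytes: unknown"  # sample data
    s = PackageStore()
    return s, [
        s.install("com.example.bank", vendor),
        s.install("com.example.wallpapers", unknown),  # unknown signer installs
        s.install("com.example.bank", unknown),         # update, wrong signer
        s.install("com.example.bank", vendor),          # update, pinned signer
        s.install("com.example.helper", unknown, share_with="com.example.bank"),
    ]

if __name__ == "__main__":
    for line in demo()[1]:
        print(line)
```

The second call succeeds even though nothing vouches for that signer, which is the distinction the message draws: the signature gates updates and sandbox sharing, not the first install.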


