[cryptography] How are expired code-signing certs revoked?

Nico Williams nico at cryptonector.com
Thu Dec 8 11:12:00 EST 2011


On Thu, Dec 8, 2011 at 9:26 AM, Darren J Moffat
<Darren.Moffat at oracle.com> wrote:
> On 12/08/11 03:27, Nico Williams wrote:
>> You misunderstand.  The Android code signing model isn't intended to
>> protect you from installing malware: it's intended to help Android a)
>> provide isolation between apps from different sources, b) protect your
>> apps from untrusted updates.
>
> Android gives you hints about what a given APK might be up to by telling you
> *before* you agree to install it what permissions it wants.

Indeed, but this has nothing to do with Android's signature model.
Signatures are there for continuity.

> I've rejected several otherwise interesting-sounding (probably legit) apps
> from the Google Market because the list of permissions looked excessive to
> me based on what that app claims to do.

And when every app you want [eventually] wants complete free range,
what do you do?  Android should at least let the user reduce the
privileges of paid-for applications -- the current situation is
intolerable.

Nico
--


