[cryptography] code signing a nuisance?

Jeffrey Walton noloader at gmail.com
Thu Sep 22 07:57:37 EDT 2011


On Thu, Sep 22, 2011 at 1:32 AM, Chris Palmer <snackypants at gmail.com> wrote:
> On Sep 21, 2011, at 10:11 PM, M.R. wrote:
>
>>> Please look into how code signing on Android works and what it means.
>
>> A quick summary would be appreciated, especially on the "meaning" part.
>
> Google: [ android code signing ]
>
> http://www.isecpartners.com/files/iSEC_Securing_Android_Apps.pdf
>
> """Android’s process isolation obviates the need for complicated policy configuration files for sandboxes. This gives applications the flexibility to use native code without compromising Android’s security or granting the application additional rights.
>
> Android permissions are rights given to applications to allow them to do things like take pictures, use  the GPS or make phone calls. When installed, applications are given a unique UID, and the application  will always run as that UID on that particular device. The UID of an application is used to protect its  data and developers need to be explicit about sharing data with other applications. Android supports building applications that use phone features while protecting users by minimizing the consequences of bugs and malicious software. Android’s process isolation obviates the need for complicated policy configuration files for sandboxes. This gives applications the flexibility to use native code without compromising Android’s security or granting the application additional rights."""
>
> The code signing is so that the installer daemon can know that the package was transmitted correctly, and it uses signing keys to enforce the UID separation — only apps signed by the same key can request to have the same UID or to use each other's private permissions. (Any app can use another app's public permissions.)
>
> http://developer.android.com/guide/topics/manifest/permission-element.html#plevel
>
> The Android Eclipse plugin generates you a fresh developer key when you install it and the process of signing apps is an automatic part of the build process. It imposes no limitation or inconvenience on developers.

Making applications a security principal (as Microsoft calls it) was
an awesome idea. It has the potential to solve a lot of problems.
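
The rules Chris quotes (install-time grants, one UID per app, and the signing key as the identity that gates shared UIDs and signature-level permissions) can be illustrated with a small model. The following is an added example written for this archive page; it is not Android's PackageManager code and not code from any poster. The package names, permission names and the "certificate" byte strings are constructed placeholders, signers are reduced to SHA-256 fingerprints, and the permission model is simplified to the three protection levels named on the linked page (normal, dangerous, signature), with dangerous permissions treated as granted once the user accepts the install prompt, as in the install-time consent model of the time.

```python
"""Model of Android's signing-key-as-identity rules (added example, not Android code)."""
import hashlib
from dataclasses import dataclass, field
from typing import Dict, FrozenSet, Optional, Set

NORMAL, DANGEROUS, SIGNATURE = "normal", "dangerous", "signature"

# Constructed stand-ins for signing certificates. Android identifies a signer by
# the certificate itself (here reduced to its fingerprint), not by any CA chain.
CERT_VENDOR = b"-- constructed placeholder for the vendor's signing certificate --"
CERT_OTHER = b"-- constructed placeholder for some other developer's certificate --"


def fingerprint(cert_der: bytes) -> str:
    return hashlib.sha256(cert_der).hexdigest()


@dataclass
class Package:
    name: str
    signers: FrozenSet[str]                                  # fingerprints the APK is signed with
    shared_user_id: Optional[str] = None                     # android:sharedUserId, if any
    defines: Dict[str, str] = field(default_factory=dict)    # permission -> protectionLevel
    requests: Set[str] = field(default_factory=set)          # <uses-permission> entries


class PackageManager:
    """Install-time checks in which the signing key acts as the app's identity."""

    def __init__(self) -> None:
        self.packages: Dict[str, Package] = {}
        self.uid_of: Dict[str, int] = {}            # package name -> uid
        self.shared_uids: Dict[str, int] = {}       # sharedUserId -> uid
        self.granted: Dict[str, Set[str]] = {}      # package name -> granted permissions
        self._next_uid = 10000

    def install(self, pkg: Package) -> Set[str]:
        old = self.packages.get(pkg.name)
        # An update must be signed with exactly the same key set as the installed package.
        if old is not None and old.signers != pkg.signers:
            raise PermissionError(f"{pkg.name}: update signed by a different key")
        uid = self._assign_uid(pkg, old)
        self.packages[pkg.name] = pkg
        self.uid_of[pkg.name] = uid
        self.granted[pkg.name] = {p for p in pkg.requests if self._may_grant(pkg, p)}
        return set(self.granted[pkg.name])

    def _assign_uid(self, pkg: Package, old: Optional[Package]) -> int:
        if old is not None:
            return self.uid_of[old.name]            # updates keep their uid
        if pkg.shared_user_id is None:
            return self._fresh_uid()
        uid = self.shared_uids.get(pkg.shared_user_id)
        if uid is None:
            uid = self.shared_uids[pkg.shared_user_id] = self._fresh_uid()
            return uid
        # Joining an existing shared uid requires the identical signer set.
        for other in self.packages.values():
            if self.uid_of[other.name] == uid and other.signers != pkg.signers:
                raise PermissionError(f"{pkg.name}: sharedUserId owned by a different key")
        return uid

    def _fresh_uid(self) -> int:
        uid, self._next_uid = self._next_uid, self._next_uid + 1
        return uid

    def _may_grant(self, requester: Package, perm: str) -> bool:
        definer = next((p for p in self.packages.values() if perm in p.defines), None)
        if definer is None:
            return False                            # undefined permission: not granted
        level = definer.defines[perm]
        if level in (NORMAL, DANGEROUS):
            return True                             # dangerous: user accepted the prompt
        if level == SIGNATURE:
            return definer.signers == requester.signers
        return False

    def check_permission(self, pkg_name: str, perm: str) -> bool:
        return perm in self.granted.get(pkg_name, set())


def demo() -> dict:
    """Walk through the cases the thread describes and return the outcomes."""
    pm = PackageManager()
    vendor = frozenset({fingerprint(CERT_VENDOR)})
    other = frozenset({fingerprint(CERT_OTHER)})
    bank = Package("com.example.bank", vendor, "com.example.bank.shared",
                   defines={"com.example.bank.READ_ACCOUNTS": SIGNATURE,
                            "com.example.bank.SHOW_BALANCE_WIDGET": NORMAL})
    pm.install(bank)
    wanted = {"com.example.bank.READ_ACCOUNTS", "com.example.bank.SHOW_BALANCE_WIDGET"}
    widget = Package("com.example.bank.widget", vendor, "com.example.bank.shared", requests=set(wanted))
    third = Package("com.other.app", other, requests=set(wanted))
    results = {
        "widget_granted": pm.install(widget),       # same key: both permissions
        "third_granted": pm.install(third),         # other key: only the normal one
        "same_uid": pm.uid_of["com.example.bank"] == pm.uid_of["com.example.bank.widget"],
    }
    for key, pkg in (("squat_refused", Package("com.other.squatter", other, "com.example.bank.shared")),
                     ("forged_update_refused", Package("com.example.bank", other))):
        try:
            pm.install(pkg)
            results[key] = False
        except PermissionError:
            results[key] = True
    return results


if __name__ == "__main__":
    print(demo())
```

The point the model makes concrete is that the key proves continuity of identity, not trustworthiness: a second developer can still use the bank app's normal permission, but cannot read its signature-protected data, join its UID, or replace it with an "update".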
