Author Topic: Are Android Apps Signed?  (Read 3415 times)

Offline Graham1

  • Comodo's Hero
  • *****
  • Posts: 1890
Are Android Apps Signed?
« on: March 07, 2012, 08:04:48 AM »
Are Android apps signed like Windows executables. If so, I would like to see a "trusted software vendors" list added to CMS.

Knowing how CIS works, I feel a little unsafe that a rogue app "may" make it onto my phone and CMS's antivirus database will not be aware of it.

:)
Ubuntu 18.04 LTS | Chromium | uBlock Origin | Privacy Badger | HTTPS Everywhere
https://www.thevenusproject.com | Beyond Politics Poverty and War

Offline John Buchanan

  • "Democracy is two wolves and a lamb voting on what to have for lunch. Liberty is a well armed lamb contesting the outcome of the vote." ~ Benjamin Franklin
  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 6683
  • Personal Dragons can be defeated. Improve yourself
Re: Are Android Apps Signed?
« Reply #1 on: March 07, 2012, 08:51:03 AM »
I doubt that would happen as lots of apps are written by individual people in their home and uploaded to the app store.
Please follow Comodo Forum Policy

Bah! Ban 'em all! The only good member is a banned member
And a member is just a policy violator who hasn't been caught yet. >:-D

Offline JoWa

  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 5886
  • I believe in doubt.
    • Evolutionary history of life
Re: Are Android Apps Signed?
« Reply #2 on: March 07, 2012, 11:47:01 AM »
They are signed, but:
Quote
The certificate does not need to be signed by a certificate authority: it is perfectly allowable, and typical, for Android applications to use self-signed certificates.
https://developer.android.com/guide/publishing/app-signing.html
Ubuntu 19.04 | Firefox 69β | HTTPS Everywhere | Privacy Badger
Forum Policy | Comodo Product Help

Offline Graham1

  • Comodo's Hero
  • *****
  • Posts: 1890
Re: Are Android Apps Signed?
« Reply #3 on: March 08, 2012, 03:24:56 AM »
Is it possible for rogue apps to be installed silently (maybe from visiting websites, etc) on an android phone without the users consent? I'm just thinking that maybe CMS is playing catchup like your windows antivirus software and should rely on a more proactive solution. Maybe Android offers something similar that I'm not aware of.

:)
Ubuntu 18.04 LTS | Chromium | uBlock Origin | Privacy Badger | HTTPS Everywhere
https://www.thevenusproject.com | Beyond Politics Poverty and War

Offline JoWa

  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 5886
  • I believe in doubt.
    • Evolutionary history of life
Re: Are Android Apps Signed?
« Reply #4 on: March 08, 2012, 03:39:01 AM »
I hope not allowing “unknown sources” in the settings (default) prevents such installs.

A TVL would probably work, but I don’t expect Comodo to add self-signed certificates.

[attachment deleted by admin]
« Last Edit: March 08, 2012, 03:44:38 AM by JoWa »
Ubuntu 19.04 | Firefox 69β | HTTPS Everywhere | Privacy Badger
Forum Policy | Comodo Product Help

 

Free Endpoint Protection
Seo4Smf 2.0 © SmfMod.Com Smf Destek