(enaix.github.io)

194 points sleirsgoevy | 3 comments | 31 Oct 25 20:20 UTC | HN request time: 0.647s | source

1. cyberax ◴[31 Oct 25 23:00 UTC] No.45777655[source]▶

This "attack" is not even theoretical. Android apps can just download arbitrary binary code, mprotect(PROT_MAYEXEC) some area in RAM, link the code there, and run it.

Google will simply revoke the keys for the "loader" APK. But that's fine for malware, its authors will just use the next stolen credit card to register a new account.

That's also why this has nothing to do with security.

replies(1): >>45778834 #

2. clueless ◴[01 Nov 25 02:40 UTC] No.45778834[source]▶

>>45777655 (TP) #

what does it really have to do with?

replies(1): >>45786017 #

3. baby_souffle ◴[01 Nov 25 22:30 UTC] No.45786017[source]▶

>>45778834 #

> what does it really have to do with?

Giving google control over what code runs on $device regardless of how that code got onto the device.

A revoked key doesn't care about how the APK got there...

↑

A theoretical way to circumvent Android developer verification