Hacker News new | past | comments | ask | show | jobs | submit login

Apple controls the root CA on iOS devices. I guess that Google controls the root CA on Android too. Therefore it is within their technical ability to issue a certificate that bears the name of Signal and is trusted by almost all devices. They wouldn’t need to ship any OS upgrades to forge the signature of Signal, as they are already the ultimate authority of who is Signal. I won’t speculate on whether they or their Australian employees will actually do so in the future.



AFAIK, that's not how Android works. Each apk is signed by a standalone certificate (which does not have to be signed by any CA), and the operating system will only allow an upgrade if the same certificate is used. Which means a developer must carefully guard the certificate's private key; if it's lost, the application can no longer be updated, but it must instead be released as a new application with a separate name. And since AFAIK this mechanism is part of the operating system (not the constantly-updated Google Play store), to bypass it would require a full OS update.

(This has other consequences: if a developer releases the same apk to several stores, but it's signed by different certificates on each store, a user who installed the apk from one store will not be able to upgrade it using the other store.)


I don't know, but I presume Google cross-signs APKs that are approved through the Play Store?


No.

Easily checked, run jarsigner -verify -verbose -certs some.apk on an APK of your choice. I ran it on 31 just now, no cross-signing visible anywhere.




Consider applying for YC's Spring batch! Applications are open till Feb 11.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: