The title of the post is super scary but I have no idea what it means. There is no description about it in the linked page. Reading through the comments doesn’t help either. I would just wait for a proper write-up.
OEMs have a key they can use to sign apps. Some of those keys leaked. This was discovered when malware signed with those keys showed up in the wild. This is bad because apps signed with those keys have the "system" authority, which means they bypass many permissions checks.