Android Police

Articles Tagged:

signing key

23

Cryptographic key used to sign one of Facebook's Android apps compromised

Cryptographic key used to sign one of Facebook's Android apps compromised

The security of Android app updates hinges on the secrecy of a given app's signing key. It's how app updates are verified as secure, and if it falls into the wrong hands, false updates could be distributed containing nefarious changes. As a result, developers usually guard signing keys quite closely, but someone at Facebook seriously messed up. A key used by the company to digitally sign its Free Basics by Facebook app has been compromised, and third-party apps reusing the key have been spotted online.

After APK Mirror and Android Police owner Artem Russakovskii discovered the issue and reported it to Facebook, the original app listing was pulled from the Play Store and replaced with a new app using a new signing key.

Read More
1

Google Play App Signing can store your signing key in the cloud

Google Play App Signing can store your signing key in the cloud

Google has just introduced a service called Google Play App Signing that allows you to store your app signing keys on Google's servers. This means your keys can't be lost or maliciously destroyed, as sometimes happens. And you won't have to worry about multiple apps using the same key by accident (which also happens).

Read More
Mastodon