android - Software Signing -
i new software security, far reading software signing on android, understand software signing useful prevent injecting code inside code. user of software can compare software hash signature using signature's public key, , if don't match software altered.
what don't understand how ensures protection using self signing software. prevents changing software, injecting code inside it, taking self signed signature off, , making brand new 1 on top of it? way new signature ok software , find out if have access modified software right? or there not understating process?
what prevents changing software, injecting code inside it, taking self signed signature off, , making brand new 1 on top of it?
nothing.
i understand software signing useful prevent injecting code inside code
no. signing app 2 scenarios:
confirming app , app b signed same key (and hence same developer, presumably)
confirming app , firmware signed same key
Comments
Post a Comment