The security of Android app updates hinges on the secrecy of a given app's signing key. It's how app updates are verified as secure, and if it falls into the wrong hands, false updates could be distributed containing nefarious changes. As a result, developers usually guard signing keys quite closely, but someone at Facebook seriously messed up. A key used by the company to digitally sign its Free Basics by Facebook app has been compromised, and third-party apps reusing the key have been spotted online.
Read MoreCryptographic key used to sign one of Facebook's Android apps compromised was written by the awesome team at Android Police.
Android Match
Post a Comment