[guardian-dev] TOFU/POP: Whole APK Hash?
mmurphy at commonsware.com
Wed Jan 29 18:54:46 EST 2014
On Wed, Jan 29, 2014, at 15:51, Hans-Christoph Steiner wrote:
> Sounds like you understand correctly. The whole APK hash is a defense
> things like the master key vulnerability, but yes, it would be a pain in
> ass to make easy to use. For people who need that
Your last sentence was eaten by a grue. :-)
> As for implementations of these ideas, we have bits and pieces here and
> but no coherent whole. The goal is to make the useful parts into a
> easy-to-use library.
OK, thanks for the confirmation!
Mark Murphy (a Commons Guy)
http://commonsware.com | http://github.com/commonsguy
http://commonsware.com/blog | http://twitter.com/commonsguy
_The Busy Coder's Guide to Android Development_: Version 5.5... And
Still Going Strong!
More information about the Guardian-dev