[guardian-dev] TOFU/POP: Whole APK Hash?

Mark Murphy mmurphy at commonsware.com
Wed Jan 29 18:54:46 EST 2014


On Wed, Jan 29, 2014, at 15:51, Hans-Christoph Steiner wrote:
> Sounds like you understand correctly.  The whole APK hash is a defense
> against
> things like the master key vulnerability, but yes, it would be a pain in
> the
> ass to make easy to use.  For people who need that

Your last sentence was eaten by a grue. :-)

> As for implementations of these ideas, we have bits and pieces here and
> there,
> but no coherent whole.  The goal is to make the useful parts into a
> easy-to-use library.

OK, thanks for the confirmation!

-- 
Mark Murphy (a Commons Guy)
http://commonsware.com | http://github.com/commonsguy
http://commonsware.com/blog | http://twitter.com/commonsguy

_The Busy Coder's Guide to Android Development_: Version 5.5... And
Still Going Strong!


More information about the Guardian-dev mailing list