Android app signing keys leaked and used to sign malware

One of the most important pillars of Android security is the cryptographic signature key used by developers. Android app updates require that the sign key from the older app on your phone match the one you’re installing. Matching keys are required to ensure that the update comes from the original company and isn’t a malicious hijacking plot. Android would be happy to install app updates if the signing key of a developer was compromised.

Leave a Reply