It would be nice if Android let you check the hash of the APK against a Binary T... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		dane-pgp on April 28, 2021 \| parent \| context \| favorite \| on: Grand jury subpoena for Signal user data, Central ... It would be nice if Android let you check the hash of the APK against a Binary Transparency log hosted by a third party. Google have even written extensively about this idea: https://transparency.dev/application/add-tamper-checking-to-...

psanford on April 28, 2021 [–]

Android does verify that any new versions of an APK are signed with the same signing key as previously installed versions. So you would have to compromise the signing key held by the developer in order to push an evil APK.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact