best android blackhat talk ever
Thanks for the talk..
I don't think his mic is on
It really pisses me off that Android doesn't have the basic package manager feature to add another trusted software source. It's Anticompetitive Anti-consumer Nincompoopery that you can't have both Amazon and Google Play sources trusted. Cert chains have been around since before SSL, so it's not like they don't know how: At 1st boot, generate a user cert, it signs the Google or Amazon or etc. store cert to add new sources. It aren't hard, derp.
well that changed fast
Can't you just sideload apps downloaded from the internet?
Beast
Probably no American users doing this after Black Friday, but in the rest of the world, the PokerStars COM mobile app is somewhat popular, too.
It allows you to play for real money, which seems to be against Google Play policy (it's available in iPhone AppStore, however), so that's how I ended up checking 'allow untrusted sources'. Of course, after installation that setting *can* be unchecked again.
Am I right that even with the option checked, you need physical access to my device or to somehow trick me into actually installing a malicious app (not too difficult)? Or could you do it remotely, say in a drive-by?
Google's OS.. nuff said. Level of trust.. zero.