View Single Post
Old September 23rd, 2010, 06:36 PM   #22 (permalink)
howetechnical
Member
Thread Author (OP)
 
howetechnical's Avatar
 
Join Date: Aug 2010
Location: San Diego, CA
Posts: 455
 
Device(s): Samsung Vibrant
Carrier: Not Provided

Thanks: 29
Thanked 90 Times in 50 Posts
howetechnical
Default

Quote:
Originally Posted by Eusibius2 View Post
Hey - thanks for all the answers, they really helped. I'm still curious about this last point though. Couldn't this lead to a security flaw if we can now essentially re-sign a program (or fake sign a new one??) to do something malicious using another dev's key? Wouldn't this essentially fake the requested permissions the program wants the user to agree too?
Yes, but to be honest, anybody who knows how to implement malicious syntax into a program will know how to fake the signature. There are a few auto-signers out there right now. As for the permissions, I don't believe they are stored in the signature files, but I may be wrong as I haven't analyzed it closely. I would presume that the application permissions would be stored in the application itself. What I do know about this particular auto signer is that it's clean, completely free of malicious code, and will not harm the applications it's used on or the devices. I'm a software developer, so I -have- looked for the usual signs of malicious intent as well as scanned it with not only desktop antivirus and antimalware apps (Nod32, Malwarebytes), but also with a couple android ones after re-installation of the modified apk.

This tutorial is simply for those who want to utilize the full versatility of their Android devices. It's not to give the tools needed to create malicious applications. Even though the auto sign will work for that purpose, it's only 1% of what's needed to do so, and anybody knowledgeable enough to write the other 99% does not need this auto signer to complete the job.

I'm getting the impression that you are not really interested in this tutorial itself, but rather in the possibilities and features of the auto sign java program (whether to cause problems here, or purely out of curiosity, I don't know). If this is the case, please request such information on the XDA thread where this tool was created, not here.
__________________
Justin
Samsung Vibrant | Bi-Winning V3 | OverStock 2.4.1 w/KB1
Avid Homebrewer | Home Brew Talk
Beach dwelling Software Engineer in San Diego, CA
Samsung Vibrant Drivers Download | Android SDK | How to Modify Widget Backgrounds and Images
howetechnical is offline  
Last edited by howetechnical; September 23rd, 2010 at 06:41 PM.
Reply With Quote