[liberationtech] From Snowden's email provider. NSL???
Reed Black
reed at unsafeword.org
Tue Aug 13 08:52:11 PDT 2013

On Sun, Aug 11, 2013 at 4:46 AM, Michael Rogers
<michael at briarproject.org> wrote:
>> The app store can't substitute a different binary (no developer signing key), users
>> can verify that the app was what the developer produced (via pulling the binary and
>> checking the hash), and advanced users can verify that what the developer
>> produced is what they produce via the replicable build process.
>
> I don't know how the Apple or Chrome app stores work, but on Android the user
> doesn't have a standard way to obtain the developer's key, so the app store could
> sign a modified binary with any key.

Signing isn't sufficient without some means of invalidation under the
developer's control. Even putting aside users who are slow to update,
select users can be served older versions of apps with known
vulnerabilities intact.
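
Added example, not part of the original message: a sketch of a client-side check in which a validly signed older release is still refused because a developer-signed, expiring policy names the minimum acceptable version. The names (check_offer, min_version, expires), the integer version codes and the HMAC used in place of a real developer signature are all assumptions made for illustration.

```python
import hashlib
import hmac
import json

# Constructed demo key. HMAC stands in for the developer's signature so the
# example runs with the standard library; a real client would verify an
# asymmetric signature against the developer's public key.
DEMO_KEY = b"constructed-demo-key"

def sign(doc):
    body = json.dumps(doc, sort_keys=True).encode()
    return hmac.new(DEMO_KEY, body, hashlib.sha256).hexdigest()

def signature_ok(doc, sig):
    return hmac.compare_digest(sign(doc), sig)

def check_offer(release, release_sig, policy, policy_sig, installed, now):
    """Decide whether to install `release`; returns (accepted, reason)."""
    if not signature_ok(release, release_sig):
        return False, "bad release signature"
    if not signature_ok(policy, policy_sig):
        return False, "bad policy signature"
    # An old policy is validly signed too, so it must carry an expiry.
    if now > policy["expires"]:
        return False, "policy expired"
    if release["version"] < policy["min_version"]:
        return False, "version invalidated by developer"
    if release["version"] < installed:
        return False, "rollback below installed version"
    return True, "ok"

# Constructed sample data: version 5 has a known vulnerability, 6 fixes it.
OLD_RELEASE = {"app": "example", "version": 5}
NEW_RELEASE = {"app": "example", "version": 6}
OLD_POLICY = {"min_version": 4, "expires": 500}
POLICY = {"min_version": 6, "expires": 1000}

def demo():
    now = 900
    return [
        signature_ok(OLD_RELEASE, sign(OLD_RELEASE)),  # signature alone passes
        check_offer(OLD_RELEASE, sign(OLD_RELEASE), POLICY, sign(POLICY), 0, now),
        check_offer(OLD_RELEASE, sign(OLD_RELEASE), OLD_POLICY, sign(OLD_POLICY), 0, now),
        check_offer(NEW_RELEASE, sign(NEW_RELEASE), POLICY, sign(POLICY), 5, now),
    ]

if __name__ == "__main__":
    for result in demo():
        print(result)
```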