zlacker

[return to "F-Droid Fake Signer PoC"]
1. kuschk+X8[view] [source] 2025-01-04 00:07:27
>>pabs3+(OP)
While none of that applies to F-Droids primary use case (the primary F-Droid repo builds all apps from source itself), it nonetheless looks like they failed to correctly handle the issue.

The only reason this didn't turn into a disaster was pure luck.

◧◩
2. Futuri+Jt[view] [source] 2025-01-04 03:37:27
>>kuschk+X8
The primary F-droid repo also hosts the app developer builds in case of reproducible builds, where F-droid will first build from source and then compare it with the dev's build. If its identical, it uses the dev build in the repo and if its not, the build fails.

The use of AllowedAPKSigningKeys afaik is to compare that key with the key used for signing the dev build. If its not the same, the dev build is rejected.

From what I've understood from this POC, its possible to bypass this signature check. The only exploit I can think of with this bypass is that someone who gets access to the developer's release channel can host their own signed apk, which will either get rejected by Android in case of update (signature mismatch) or gets installed in case of first install. But in either case, its still the same reproducible build, only the signature is different.

◧◩◪
3. rollca+Uc1[view] [source] 2025-01-04 14:44:42
>>Futuri+Jt
> The only exploit I can think of with this bypass is that someone who gets access to the developer's release channel can host their own signed apk, which [...] gets installed in case of first install.

That still enables a supply chain attack, which should not be dismissed - virtually all modern targeted attacks involve some complex chain of exploits; a sufficiently motivated attacker will use this.

[go to top]