The @KhoslaLabs and @UIDAI developers don't know how to generate a #android app certificate correctly 🤦♂️
They keep the default owner and issuer: Google. This is funny, technically, Google is the owner and issuer of #Aadhaar 😂😬🤦♂️
They keep the default owner and issuer: Google. This is funny, technically, Google is the owner and issuer of #Aadhaar 😂😬🤦♂️
As stated by the official documentation, developer.android.com/studio/publish…
"A public-key certificate, also known as a digital certificate or an identity certificate, contains the public key of a public/private key pair, as well as some other metadata identifying the owner of the key"
"A public-key certificate, also known as a digital certificate or an identity certificate, contains the public key of a public/private key pair, as well as some other metadata identifying the owner of the key"
Moreover, "Every app must use the same certificate throughout its lifespan"
So, @KhoslaLabs and @UIDAI cannot change it. They need to reupload another app with a different package name if they really want to change it.
So, @KhoslaLabs and @UIDAI cannot change it. They need to reupload another app with a different package name if they really want to change it.
This name is symbolic, there is no security issue but this is shameful. An #India governmental #Android app which handle the identity of the all country is on the paper owned and issued by Google. We are talking about basic Android programming here 😡
The latest update of the app had been made the 22/07/17, did they lost the release key?
cc @AndroidAuth @AndroidPolice @androidcentral @androidandme @Androidheadline @xdadevelopers @AndroidSPIN @TheHackersNews @verge @CNET @VICE @WIRED @JAMESWT_MHT @malwrhunterteam @hackerfantastic @LukasStefanko @ANDROIDPIT @FigaroTech @virqdroid @twandroid
To answer to the question it's not related to Google App Signing. As stated in Google Developer Console, "Google re-signs the app with the original app signing key that you provided, and delivers your app to the user."
Google App Signing will save your private key online and avoid to be stuck if you lost it. At the end, they still use your key and if the key is correctly configure, the issuer and owner will be set to your name like before.
unroll
• • •
Missing some Tweet in this thread? You can try to
force a refresh
