
ubuntu-phone team mailing list archive

Calling for Click signing

 

Hi

At the moment the only security measure involved while installing a click
package is the HTTPS connection to the click store. The click package itself
is not signed. At the same time, even the RTM image will have side loading
enabled.

This opens a potential risk that an installed application can be "upgraded"
with a trojan version which can steal the application's private data. In this
case the attacker breaks into the app's confinement.

A worse case would be the upgrade of an unconfined application with a trojan
version, which would gain full access to protected APIs, for example
telephony, allowing an attacker to send premium SMS without the user even
realising.

If we sign the click package, and the click installer checks the signature
against the installed version, this would significantly improve security.

cheers

// Ondra
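
An added example of the check proposed in the message above, not part of the original post and not code from the click project: the installer pins the signer of the first installed version and refuses any upgrade that is unsigned, tampered with, or signed by a different key. Ed25519, the key fingerprint, the package name and all function names are assumptions made for illustration.

```javascript
// Added illustration; not click's code. All names here are hypothetical.
const crypto = require("crypto");

// Fingerprint of a signer's public key (SHA-256 over its DER encoding).
function keyId(publicKey) {
  const der = publicKey.export({ type: "spki", format: "der" });
  return crypto.createHash("sha256").update(der).digest("hex");
}

// The signature covers the package name as well as the payload, so a signed
// payload cannot be relabelled as a different package.
function signedBytes(pkg) {
  return Buffer.concat([Buffer.from(pkg.name + "\0"), pkg.payload]);
}

// Developer side: sign with an Ed25519 key (assumed scheme).
function signPackage(name, payload, keys) {
  const pkg = { name, payload, signerKey: keys.publicKey };
  pkg.signature = crypto.sign(null, signedBytes(pkg), keys.privateKey);
  return pkg;
}

// Installer side: `installed` maps package name -> key id pinned at first install.
function checkInstall(installed, pkg) {
  if (!pkg.signature || !pkg.signerKey) return "reject: unsigned";
  if (!crypto.verify(null, signedBytes(pkg), pkg.signerKey, pkg.signature))
    return "reject: bad signature";
  const pinned = installed.get(pkg.name);
  if (pinned === undefined) {
    installed.set(pkg.name, keyId(pkg.signerKey)); // first install: pin the signer
    return "accept: new install";
  }
  // Upgrade: the signer must be the one that signed the installed version.
  return pinned === keyId(pkg.signerKey) ? "accept: upgrade" : "reject: signer changed";
}

// Constructed sample data: a legitimate developer and a second, unrelated key.
function demo() {
  const dev = crypto.generateKeyPairSync("ed25519");
  const other = crypto.generateKeyPairSync("ed25519");
  const installed = new Map();
  const v1 = signPackage("com.example.app", Buffer.from("app v1"), dev);
  const v2 = signPackage("com.example.app", Buffer.from("app v2"), dev);
  const trojan = signPackage("com.example.app", Buffer.from("trojan"), other);
  const tampered = { ...v2, payload: Buffer.from("app v2 + backdoor") };
  const unsigned = { name: "com.example.app", payload: Buffer.from("trojan") };
  return [v1, v2, trojan, tampered, unsigned].map((p) => checkInstall(installed, p));
}

console.log(demo());
```

Pinning on first install does not say whether the first signer is trustworthy; it only guarantees that later versions come from the same key.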
