ubuntu-phone team mailing list archive

Thread
Date

Re: Calling for Click signing

To: Ondrej Kubik <ondrej.kubik@xxxxxxxxxxxxx>
From: Martin Albisetti <argentina@xxxxxxxxx>
Date: Thu, 5 Jun 2014 21:18:05 -0300
Cc: Ubuntu Phone <ubuntu-phone@xxxxxxxxxxxxxxxxxxx>
In-reply-to: <CAM+TqApV6CGdu0=uUUMpNEk2LGS7GhC9g2yWRtACJopPy5L4PA@mail.gmail.com>

On Thu, Jun 5, 2014 at 8:17 PM, Ondrej Kubik <ondrej.kubik@xxxxxxxxxxxxx> wrote:
>
> At the moment only security measure involved while installing click package
> is https connection to click store. Click package itself is not signed.
> At the same time even RTM image will have enabled side loading.
>
> This opens potential risk that installed application can be "upgraded" with
> trojan version which can steal application's private data. In this case
> attacker breaks into app's confinement.
>
> Worse case would be upgrade of unconfined application with trojan version,
> which would gain full access to protected apis, for example telephony,
> allowing attacker to send premium SMS without user even realising.
>
> If we sign click package, and click installer checks signature against
> installed version this would significantly improve security.

Yes, we have a plan for it:
https://blueprints.launchpad.net/ubuntu/+spec/foundations-1305-click-package


-- 
Martin

Follow ups

Re: Calling for Click signing
From: Ondrej Kubik, 2014-06-06

References

Calling for Click signing
From: Ondrej Kubik, 2014-06-05