ubuntu-phone team mailing list archive

Thread
Date

Re: Calling for Click signing

To: Martin Albisetti <argentina@xxxxxxxxx>
From: Ondrej Kubik <ondrej.kubik@xxxxxxxxxxxxx>
Date: Fri, 6 Jun 2014 10:25:35 +0100
Cc: Ubuntu Phone <ubuntu-phone@xxxxxxxxxxxxxxxxxxx>
In-reply-to: <CAAosnqvDGGvTsbra9bPgFrjLEi=SE-Z-70t2e=r8fcZVuoV84Q@mail.gmail.com>

 What is going to happen to all the existing apps in the store and apps
already installed once signing is enabled?


On Fri, Jun 6, 2014 at 1:18 AM, Martin Albisetti <argentina@xxxxxxxxx>
wrote:

> On Thu, Jun 5, 2014 at 8:17 PM, Ondrej Kubik <ondrej.kubik@xxxxxxxxxxxxx>
> wrote:
> >
> > At the moment only security measure involved while installing click
> package
> > is https connection to click store. Click package itself is not signed.
> > At the same time even RTM image will have enabled side loading.
> >
> > This opens potential risk that installed application can be "upgraded"
> with
> > trojan version which can steal application's private data. In this case
> > attacker breaks into app's confinement.
> >
> > Worse case would be upgrade of unconfined application with trojan
> version,
> > which would gain full access to protected apis, for example telephony,
> > allowing attacker to send premium SMS without user even realising.
> >
> > If we sign click package, and click installer checks signature against
> > installed version this would significantly improve security.
>
> Yes, we have a plan for it:
>
> https://blueprints.launchpad.net/ubuntu/+spec/foundations-1305-click-package
>
>
> --
> Martin
>

Follow ups

Re: Calling for Click signing
From: Martin Albisetti, 2014-06-07

References

Calling for Click signing
From: Ondrej Kubik, 2014-06-05
Re: Calling for Click signing
From: Martin Albisetti, 2014-06-06