search

ale5000-git / tingle

Tingle - Android patcher
http://forum.xda-developers.com/showthread.php?t=3438764
GNU General Public License v3.0
160 stars 11 forks source link

Security aspect #31

Open rugk opened 7 years ago

rugk commented 7 years ago

How does this app control/limit, which apps can spoof signatures?

Haystack e.g. does/did it via permissions and an entry in the developer tools. How does tingle control it?

Allowing all apps to spoof signatures is obviously dangerous.

--- Want to back this issue? **[Post a bounty on it!](https://www.bountysource.com/issues/44198630-security-aspect?utm_campaign=plugin&utm_content=tracker%2F43052892&utm_medium=issues&utm_source=github)** We accept bounties via [Bountysource](https://www.bountysource.com/?utm_campaign=plugin&utm_content=tracker%2F43052892&utm_medium=issues&utm_source=github).
ale5000-git commented 7 years ago

@rugk: The patch was like this (without control) from the start, to easily support every existent device.

I do have plans to improve it, but this won't be soon.