hannob
commented
5 years ago I don't think this fits here very well. (Also just FYI this is a badly done pull requests, plenty of commits without clear structure, randomly adding newlines somewhere that are unrelated for no good reason.)
This slide from the director of Android Security's RSA talk is interesting, shows what visibility Google has into this stuff - https://youtu.be/TkjJxHqKV00?t=2046
Master Key and FakeID both came out of Bluebox security, later acquired by Lookout- https://www.lookout.com/news-and-press/press-releases/lookout-welcomes-bluebox-security