Post Syndicated from original https://lwn.net/Articles/916624/

Bleeping Computer reports
that the Android platform signing certificates for several manufacturers
have leaked and been used to sign malware.

However, based on the results, even though Google said that “all
affected parties were informed of the findings and have taken
remediation measures to minimize the user impact,” it looks like
not all the vendors have followed Google’s recommendations since,
at least in Samsung’s case, the leaked platform certificates are
still being used to digitally sign apps.