@taviso Google Play downloads apps in clear text. Can this vulnerability be fixed?
@duras I checked, APK SHA-1 is sent over TLS/XMPP and verified after download (for CDN reasons). The scheme seems pretty reasonable to me.
@taviso it still means that whoever has access to the link can see and also block your download. Our users suffer from this every day.
@duras TLS wouldn't prevent that, only make it harder (e.g. http://lcamtuf.blogspot.com/2010/06/https-is-not-very-good-privacy-tool.html …). They could use adb...