All posts in Mobile

Who signed the .apk file?

After a while searching for an older version of an App from the Play Store, I finally found the version I wanted and downloaded it.
In order to install it, you have to “Allow the installation from unknown sources”. So there goes the chain of trust for the app.

Android

So how do you know:

  • Where did the app came from ?
  • Did someone plant Malware in it?
  • Can I trust it?

These are cases for your trusted cryptographer or in the case your certificates.

Basically you need fo follow these steps:

# Dump the apk information
$ANDROID_HOME/build-tools/23.0.0_rc2/aapt dump badging www.apks.org-de.hafas.android.db.apk |grep package

# verify the signer
jarsigner -verbose -verify www.apks.org-de.hafas.android.db.apk |less

# Verify that all files have been signed with the same key
jarsigner -verbose -certs -verify www.apks.org-de.hafas.android.db.apk |less

 

Error -505 while installing Android App

I’ve had the DB Navigator app trying to update itself for the last 3 to 12 months, but hadn’t really put some time into figuring out why it didn’t work.  If figured I was not the only one affected so they would fix it themselves someday. Since that never happens, I took some time and wrote this post.

In a nutshell the problem is that the ticket database was owned by another DB app: de.bahn.dbtickets. I uninstalled it and then could update / re-install the DB Navigator app.

How did I figure this out?, you say

  1. Enabled developer mode on my phone
  2. Connected to it and used adb logcat to see the logs
  3. Tried to install the app
  4. Found this in the logs

E/Finsky (28878): [1] PackageInstallerImpl.handleCommitCallback: Error -505 while installing de.hafas.android.db: INSTALL_FAILED_DUPLICATE_PERMISSION: Package de.hafas.android.db attempting to redeclare permission de.bahn.dbtickets.permission.WRITE_DB already owned by de.bahn.dbtickets
W/Finsky (28878): [1] 3.installFailed: Install failure of de.hafas.android.db: -505 null

So the highlighted part is what told me the problem.

Have fun.

Smart phone / mobile phone tracking and privacy

The first hand-held mobile phone was demonstrated by Motorola in 1973 and since 90s, mobile phones have become one of the technologies that have the biggest impact on the way we live. Cell phones or mobile phones have reached an impressive 96.2% of the world population and have penetrations rates of over 100% in developed nations. This information technology has spread faster that any other, including TV, Radio and the Internet. Can you remember how we lived before cellphones?

Keep Reading →

WebOS Security

I had the pleasure of attending WebOS Developer Workshop in Mainz on Saturday Thgtwi (@thgtwi) did a great job with the organization. SuVuK(@SuVuK_open) did a nice report on the contents of the Workshop in his blog.

I took the opportunity talk about Security in the WebOS platform. I ran some tests based on WebOS 3.X, which is currently available for the HP TouchPad and is being opensourced as Open WebOS. Keep Reading →

Implementing effective controls: Venezuela to block stolen mobile phones

Even though a don’t agree with many of the decisions and laws created in Venezuela, I think this is great example of implementing a control for a big risk. Keep Reading →