Folks, this is bad news. Very, very bad. Hackers and/or malicious insiders have leaked the platform certificates of several vendors. These are used to sign system apps on Android builds, including the "android" app itself. These certs are being used to sign malicious Android apps!

bugs.chromium.org/p/apvi/issue

@MishaalRahman any ideas how wild the keys are? Not that it makes things much safer, but I am sure some infosec folks might enjoy playing with signing their own apps for research. Sadly my current phone is not Android so I will miss out on the fun either way.

Librem Social

Librem Social is an opt-in public network. Messages are shared under Creative Commons BY-SA 4.0 license terms. Policy.
