---

Black Hat: Android Master Key Vulnerability Makes Us Safer

Today at the Black Hat Security conference, Forristal delivered a talk that detailed precisely what the Android master key vulnerability is all about. As Forristal explained, Google’s Android had multiple vulnerabilities in how the operating system verifies JAR/ZIP/APK files, which run on Android devices.

Calling it a master key flaw is a bit of a misnomer as it’s not a single key, Forristal said. Rather it’s a family of bugs that allow an attack to bypass signature verification. There are at least four currently known variants of the master key flaw.

Get the Free Newsletter!

Subscribe to Developer Insider for top news, trends, & analysis