Search Mailing List Archives
[liberationtech] Satori - distributed tamper-resistant circumvention tools
liberationtech at njw.me.uk
Sat May 3 09:35:39 PDT 2014
Quoth Tom Ritter:
> This makes it harder for someone to compromise your account, but not
> Google. In the Android App store, it's a *little* stronger, as apps
> are signed by a developer key, and they need that key to update.
> Except if Google really wanted they could push down an update to
> bypass that. It'd be more work though.
Can you definitely not sign extensions with a private key? I know
you used to be able to; I remember writing code to do that a year or
Could you then force the extension to check the key before updating
itself? Probably not, it's probably well outside of the extension's
control, and besides, if you're worried about an evil google, hey,
they control the browser, so you've already lost.
More information about the liberationtech