Android OEMs platform certifications and keys are getting heavily abused to obtain digital signatures on malicious applications to gain privilege access.
• Platform keys or certificates are primarily used to digitally sign core ROM images containing Android OS and associated system applications depending upon the Android OEM brands.
• Google has reported that multiple platform certificates are being used to sign malware. Hackers and/or malicious insiders have leaked the platform certificates of several vendors.
• Google has made public a number of digital certificates used by vendors to validate vital system applications were recently compromised and have already been abused to put a stamp of approval on malicious Android apps.