Dumbest Mobile Application Wall

It is hard to raise security awareness among mobile application developers. In this blog post, I will share some dumb developers who included the private key used to sign their published applications in the application itself, which means anyone can act as the developer and release a newer version without being detected.

According to the Android developer portal, the private key is critical to every developer and you should keep it in a safe place. Here is what Android Developer says:

Securing Your Private Key


Maintaining the security of your private key is of critical importance, both to you and to the user. If you allow someone to use your key, or if you leave your keystore and passwords in an unsecured location such that a third-party could find and use them, your authoring identity and the trust of the user are compromised.

 


Here is the dumb application wall; please make sure your application name is not on the list.

For enterprise users, including MDM/MAM vendors, I suggest you add all of them to your suspicious list, because their private keys have been leaked and there is no way to distinguish the original application from a hacked, patched, or wrapped one.

If you are an application market vendor, please add applications signed with those private keys to your blacklist. There is no way you can prove that an application is from the original developer and not from another hacker.
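
A release-gate or market-intake check for the mistake described above, as an added example that is not part of the original post: it scans an APK's ZIP entries for keystore magic bytes, PEM private-key headers and key-like file extensions. The sample APK is constructed in memory, and the extension list and function names are assumptions of this example.

```python
import io
import re
import zipfile

JKS_MAGIC = b"\xfe\xed\xfe\xed"      # Java KeyStore (JKS) file header
JCEKS_MAGIC = b"\xce\xce\xce\xce"    # JCEKS keystore file header
PEM_KEY = re.compile(rb"-----BEGIN (?:[A-Z]+ )?PRIVATE KEY-----")
# Assumed extension list; PKCS#12 and BKS have no simple magic to match on.
KEY_EXTS = (".jks", ".keystore", ".bks", ".p12", ".pfx", ".pem", ".key")

def classify(name, head):
    """Return why an entry looks like signing-key material, or None."""
    if head.startswith(JKS_MAGIC):
        return "JKS keystore"
    if head.startswith(JCEKS_MAGIC):
        return "JCEKS keystore"
    if PEM_KEY.search(head):
        return "PEM private key"
    if name.lower().endswith(KEY_EXTS):
        return "key-like file extension"
    return None

def find_bundled_keys(apk_bytes, scan_bytes=65536):
    """Scan every ZIP entry of an APK; return sorted (entry, reason) pairs."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as apk:
        for info in apk.infolist():
            if info.is_dir():
                continue
            with apk.open(info) as entry:
                reason = classify(info.filename, entry.read(scan_bytes))
            if reason:
                findings.append((info.filename, reason))
    return sorted(findings)

def build_sample_apk(with_keys=True):
    """Constructed sample: a minimal ZIP laid out like an APK (not a real app)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("AndroidManifest.xml", b"\x03\x00\x08\x00")
        z.writestr("classes.dex", b"dex\n035\x00")
        # META-INF/*.RSA is the signature block (certificate only): not flagged.
        z.writestr("META-INF/CERT.RSA", b"\x30\x82\x03\x00")
        if with_keys:
            z.writestr("assets/release.keystore", JKS_MAGIC + b"\x00\x00\x00\x02")
            z.writestr("res/raw/backup.txt",
                       b"-----BEGIN RSA PRIVATE KEY-----\nconstructed placeholder\n")
    return buf.getvalue()

if __name__ == "__main__":
    for entry, reason in find_bundled_keys(build_sample_apk()):
        print(f"{entry}: {reason}")
```

To check a real build, pass the file's bytes, for example `find_bundled_keys(open(path, "rb").read())`, and fail the release if the list is not empty.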

 

