Insufficient data authenticity validation - APK signing
Description
The APK is not digitally signed.
Impact
Mischief users into installing an APK that is not owned by the original author.
Recommendation
Digitally sign the APK.
Threat
Non-authenticated attacker from the Internet.
Expected Remediation Time
⏱️ 60 minutes.
Requirements
122 - Validate credential ownership173 - Discard unsafe inputs178 - Use digital signatures320 - Avoid client-side control enforcementFixes