Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

x/mobile/cmd: Applications are signed with insecure hash algorithm (SHA1) #38438

Jacalz opened this issue Apr 14, 2020 · 0 comments

x/mobile/cmd: Applications are signed with insecure hash algorithm (SHA1) #38438

Jacalz opened this issue Apr 14, 2020 · 0 comments
help wanted mobile NeedsFix


Copy link

@Jacalz Jacalz commented Apr 14, 2020


Please note that I am opening this security issue publicly after initially reporting the issues over email to the great people over at the Golang security team and then being told to open it here due to gomobile not being an officially supported project.


I decided to take a look at the signing of the gomobile tsuggestool and I managed to find out that applications currently are signed with SHA1 hashes in the cmd/gomobile/cert.go and cmd/gomobile/writer.go files. It has, since 2005, been treated as insecure and should be replaced as soon as possible due to the possible collision attacks that attackers could use to make it look like (in this case) as if the application hasn't been tampered with, but might have been. This means that an practice, an attacker could sneak in attacks and avoiding the checksum checks for the application.

From the looks of it, the supported checksum algorithms in the v1 signing scheme for Android are MD5, SHA1 and SHA-256. As both MD5 and SHA1 have been cracked using collision attacks in the latest years, I highly suggest moving over to SHA-256 for signing all the applications as it has yet to be cracked.

What operating system and processor architecture are you using (go env)?

Linux but compiling to mobile per description above.

What did you expect to see?

Signing applications and producing a checksum using a secure hashing algorithm, without known collision attacks.

What did you see instead?

Use of SHA1 as an insecure cryptographic primitive when signing applications.

@gopherbot gopherbot added this to the Unreleased milestone Apr 14, 2020
@gopherbot gopherbot added the mobile label Apr 14, 2020
@andybons andybons added help wanted NeedsFix labels Apr 14, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
help wanted mobile NeedsFix
None yet

No branches or pull requests

3 participants