Submitted by f0x90 on Thu, 11/28/2013 - 17:26
When Android verifies an APK, if there is a duplicate filename, the first valid third-party APK can be used to pass signature verification, but the second file will be installed! This allows for running unsigned code and easy rooting!
http://resources.infosecinstitute.com/android-master-key-vulnerability-poc/
- FROM: f0x90's blog
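
A defender-side check for the duplicate-filename condition described above, as an added example that is not from the linked article or from f0x90's blog: it walks an APK's zip central directory and flags any entry name that appears more than once. The function names and the in-memory sample archive are constructed for illustration.

```python
import io
import warnings
import zipfile
from collections import Counter


def duplicate_entries(apk_bytes):
    """Return {entry name: count} for names that occur more than once."""
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as zf:
        # infolist() keeps every central-directory record, including
        # repeated names that a name-keyed lookup would collapse to one.
        counts = Counter(info.filename for info in zf.infolist())
    return {name: n for name, n in counts.items() if n > 1}


def build_sample(duplicate):
    """Build an APK-like zip in memory (constructed test data, not a real app)."""
    buf = io.BytesIO()
    with warnings.catch_warnings():
        # zipfile emits a UserWarning when a name is written twice.
        warnings.simplefilter("ignore", UserWarning)
        with zipfile.ZipFile(buf, "w") as zf:
            zf.writestr("AndroidManifest.xml", b"<manifest/>")
            zf.writestr("classes.dex", b"constructed-original")
            if duplicate:
                zf.writestr("classes.dex", b"constructed-second-copy")
    return buf.getvalue()


def verdict(apk_bytes):
    """Reject any archive in which an entry name is ambiguous."""
    dups = duplicate_entries(apk_bytes)
    return ("reject", dups) if dups else ("ok", {})


if __name__ == "__main__":
    for label, dup in (("clean", False), ("duplicate", True)):
        print(label, verdict(build_sample(dup)))
```

The check reads only the central directory, so it catches repeated names there and does not compare them against the local file headers.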