I just posted an update to my "PoC for fdroidserver AllowedAPKSigningKeys certificate pinning bypass" post to oss-security:
openwall.com/lists/oss-securitβ¦
Original post:
openwall.com/lists/oss-securitβ¦
GitHub repo with patches, PoCs, and a script to scan for potentially affected APKs:
github.com/obfusk/fdroid-fakesβ¦
GitHub - obfusk/fdroid-fakesigner-poc: F-Droid Fake Signer PoC
F-Droid Fake Signer PoC. Contribute to obfusk/fdroid-fakesigner-poc development by creating an account on GitHub.GitHub