BSkyB in the United Kingdom has had it’s Android apps on Google Play replaced and defaced by the “Syrian Electronic Army”
Sky are advising everyone who has had these apps installed to remove them as soon as they can. If you have friends and family using these applications on Android, get them to remove them as soon as they can. The security blow here is incredible and it is completely Sky’s fault here.
![Sky attacked by Syrian Electronic Army on Google Play](http://landoftechnology.com/wp-content/uploads/2013/05/nexusae0_image_thumb92-300×251.png)
A main fault of their security is keeping the private key, well private. This is part of the signature verification on Android and the private keys are used to sign apps as Sky. This means those keys could be used by malicious parties to create fake “updates” to these applications. Most companies take a good step of caution with keys (exactly how https works itself) and ensuring private keys are not easily available.
However, this is not a security issue relating to Google and Android, as those systems are fantastic when all parties keep their keys secure.
We hope Sky will update us on what they plan to do shortly, which will most likely be Tuesday at the earliest.