29 Jul
2013
29 Jul
'13
3:55 a.m.
Andrew McGlashan <andrew.mcglashan@affinityvision.com.au> wrote:
My S3 gets OTA updates, I bought it outright and unbranded -- no carrier owns my phone; however, I'm sure that they could if they wanted to given how easy it is to push OTA updates.
Isn't there a signature verification involved? For example, if I were getting updates from a phone manufacturer rather than a carrier, I would expect the phone to hold the manufacturer's public key and accept only updates signed by the corresponding secret key.