• Platform keys or certificates are primarily used to digitally sign core ROM images containing Android OS and associated system applications depending upon the Android OEM brands.

• Google has reported that multiple platform certificates are being used to sign malware. Hackers and/or malicious insiders have leaked the platform certificates of several vendors.

• Google has made public a number of digital certificates used by vendors to validate vital system applications were recently compromised and have already been abused to put a stamp of approval on malicious Android apps.