Note:

Please note that I am opening this security issue publicly after initially reporting the issues over email to the great people over at the Golang security team and then being told to open it here due to gomobile not being an officially supported project.

Description:

I decided to take a look at the signing of the gomobile tsuggestool and I managed to find out that applications currently are signed with SHA1 hashes in the cmd/gomobile/cert.go and cmd/gomobile/writer.go files. It has, since 2005, been treated as insecure and should be replaced as soon as possible due to the possible collision attacks that attackers could use to make it look like (in this case) as if the application hasn't been tampered with, but might have been. This means that an practice, an attacker could sneak in attacks and avoiding the checksum checks for the application.

From the looks of it, the supported checksum algorithms in the v1 signing scheme for Android are MD5, SHA1 and SHA-256. As both MD5 and SHA1 have been cracked using collision attacks in the latest years, I highly suggest moving over to SHA-256 for signing all the applications as it has yet to be cracked.

What operating system and processor architecture are you using (go env)?

Linux but compiling to mobile per description above.

What did you expect to see?

Signing applications and producing a checksum using a secure hashing algorithm, without known collision attacks.

What did you see instead?

Use of SHA1 as an insecure cryptographic primitive when signing applications.