The default implementation for KeyStore, the system in Android designed to store user credentials and cryptographic keys, is broken, researchers say. In a an academic paper published this week, researchers argue that the particular encryption scheme that KeyStore uses fails to protect the integrity of keys and could be exploited to allow an attacker to modify...