I haven’t looked into it, but if it allows just one specific signature to spoof one other specific signature, then I do not see such a security issue, because it wouldn’t suddenly open this mechanism up to everyone.
Even if it would require spoofing of multiple signatures, if there is a limited list of signatures to spoof as and a whitelist of signatures for the apps that are allowed to spoof them, then it would also be limited enough, IMO.
I haven’t looked into it, but if it allows just one specific signature to spoof one other specific signature, then I do not see such a security issue, because it wouldn’t suddenly open this mechanism up to everyone.
Even if it would require spoofing of multiple signatures, if there is a limited list of signatures to spoof as and a whitelist of signatures for the apps that are allowed to spoof them, then it would also be limited enough, IMO.