Abstract
Developers use their private keys to sign the apps before publishing in Google Play Store, an Official Android Market. These keys must be kept secret as they uniquely identify the authority of a developer. We conduct an investigation on more than 21000 real malware and 1000 benign apps in Google Play Store to justify whether the private keys of these benign apps have been manipulated by malware. As a result, 15 apps are found vulnerable due to the leakage of private keys. We also confirm the attacking technique that uses similar package name in third party apps to lure users to install malware without notice.