I love how Android phone manufacturers are like, "we prevent you from taking control of your own device because of security", and then proceeds to leak their own platform certificates so that any malware can gain android.uid.system privileges.
@PeterCxy It does span multiple different signing keys (is this what you meant?). Why does this make it more likely that some attacker managed to exfiltrate all those keys as opposed to an attacker managing to get something signed with all of them?
@robryk@qoto.org Sorry I misunderstood "misuse". Yes, it is entirely possible that someone was just able to get something signed with all of them.