https://github.com/signalapp/Signal-Android/issues/9362
Older versions of Android only support RSA 1024 keys.
This doesn't impact security because the majority of users get their Signal APK from the Play Store,
and it would require a much bigger effort to serve a malicious APK over that update channel than
"just" to factor a 1024 RSA key for a malicious app. You would need to MITM a TLS session to Google,
this will break certificate pinning, so that is not something big to be concerned about.
They still cross-sign it with the 1024 bit key:
Please update to the latest version of the Android SDK Build Tools for the best experience. If your apksigner command is out-of-date and doesn't support the latest Android APK Signature Scheme, you may see the following SHA-256 fingerprint for the 1024-bit signing certificate: 29:F3:4E:5F:27:F2:11:B4:24:BC:5B:F9:D6:71:62:C0 EA:FB:A2:DA:35:AF:35:C1:64:16:FC:44:62:76:BA:26