Posts

Reverse Domain Naming as an Identity Scheme: Uniqueness Without Governance

Introduction: Reverse domain name notation (writing identifiers like com.example.app instead of app.example.com) has become a de facto standard for naming software packages and applications. This convention is pervasive across programming ecosystems and platforms, from Java class packages to Android app IDs and iOS bundle identifiers. It was adopted to ensure global uniqueness and avoid naming collisions without requiring a central authority. However, reverse-DNS naming was never backed by formal regulation or ownership verification. In practice, any developer can choose any reverse domain string for their software, regardless of whether they own that Internet domain. This gap between implied and actual ownership creates security and trust challenges that attackers can exploit. Threat model: Adversaries can abuse the assumed trust in domain-based names by impersonating brands or organizations in their identifiers. For example, a malicious Android app could declare a packa...