Actually, the signature checks would have to be done by an external hardware component, or maybe through something like ARM TrustZone. Otherwise, the attacker could disable or manipulate the checks when installing the malware.
So it's up to the phone manufacturers to implement; Google would never be able to implement this in a truly secure fashion, even if they knew all the software installed on the phone a priori.
On a related note, I know that Cisco wants something like this for their hardware, but at runtime instead of just on-boot.
So it's up to the phone manufacturers to implement; Google would never be able to implement this in a truly secure fashion, even if they knew all the software installed on the phone a priori.
On a related note, I know that Cisco wants something like this for their hardware, but at runtime instead of just on-boot.