In order to protect applications from this kind of attack or ambiguity, application designers or developers should add the identity of the intended recipient to application data to be signed.