Google responds to Android App License Hacking

J

JohnDroid

Guest
google-license-hacking.jpg

It looks like Google is not sleeping at the wheel at this new Android 'App Licensing' initiative. Unsure what's going on? Well, Android Police broke the news story yesterday that it was downright 'trivial' to hack certain apps that are using the new fangled App Licensing scheme announced by Google. (Link Here)

Google wasted no time in responding and had the following to say on their Android Developer blog.

Android Developers Blog said:
It’s been reported that someone has figured out, and published, a way to hack some Android apps to bypass our new Android Market licensing server. We’ll be saying more on this, but there are a few points that deserve to be made right now:

  • The licensing service, while very young, is a significant step forward in terms of protection over the plain copy-protection facility that used to be the norm. In the how-to-pirate piece, its author wrote: “For now, Google’s Licensing Service is still, in my opinion, the best option for copy protection.”
  • The licensing service provides infrastructure that developers can use to write custom authentication checks for each of their applications. The first release shipped with the simplest, most transparent imaginable sample implementation, which was written to be easy to understand and modify, rather than security-focused.
  • Some developers are using this sample as-is, which makes their applications easier to attack. The attacks we’ve seen so far are also all on applications that have neglected to obfuscate their code, a practice that we strongly recommend. We’ll be publishing detailed instructions for developers on how to do this.
  • The number of apps that have migrated to the licensing server at this point in time is very small. It will grow, because the server is a step forward.
  • 100% piracy protection is never possible in any system that runs third-party code, but the licensing server, when correctly implemented and customized for your app, is designed to dramatically increase the cost and difficulty of pirating.
  • The best attack on pirates is to make their work more difficult and expensive, while simultaneously making the legal path to products straightforward, easy, and fast. Piracy is a bad business to be in when the user has a choice between easily purchasing the app and visiting an untrustworthy, black-market site.
Android Market is already a responsive, low-friction, safe way for developer to get their products to users. The licensing server makes it safer, and we will continue to improve it. The economics are already working for the developers and against the pirates, and are only going to tilt further in that direction.

You can click the following link for the full post: Android Developers Blog: Licensing Server News
 
Lol I found out about this by accident as I was experimenting with the market. They may/may not have fixed what I found though. Based on what this says though it seems to be what I found. Its hilarious that it works/used to work cause of how simple it was lol
 
Maybe this will help phone makers stop getting their panties in a bunch about rooted phones...
 
Back
Top