Skip to content

Posts tagged ‘copy protection’

24
Aug

Google responds to app piracy primer

 piracy bad

Google has responded to an article written this week by Android Police that teaches how to subvert the new Android Market licensing server, issuing a quick acknowledgement, and a promise to revisit the situation soon.

The story clearly stated that it wasn’t intended to show how to pirate apps, though it included directions (and even a video) telling how to hack your way around the new application security measures Google enabled in the Market recently.

Here’s want Google is saying about the subject for now, as written by Tim Bray:

  • The licensing service, while very young, is a significant step forward in terms of protection over the plain copy-protection facility that used to be the norm. In the how-to-pirate piece, its author wrote: “For now, Google’s Licensing Service is still, in my opinion, the best option for copy protection.”
  • The licensing service provides infrastructure that developers can use to write custom authentication checks for each of their applications. The first release shipped with the simplest, most transparent imaginable sample implementation, which was written to be easy to understand and modify, rather than security-focused.
  • Some developers are using this sample as-is, which makes their applications easier to attack. The attacks we’ve seen so far are also all on applications that have neglected to obfuscate their code, a practice that we strongly recommend. We’ll be publishing detailed instructions for developers on how to do this.
  • The number of apps that have migrated to the licensing server at this point in time is very small. It will grow, because the server is a step forward.
  • 100% piracy protection is never possible in any system that runs third-party code, but the licensing server, when correctly implemented and customized for your app, is designed to dramatically increase the cost and difficulty of pirating.
  • The best attack on pirates is to make their work more difficult and expensive, while simultaneously making the legal path to products straightforward, easy, and fast. Piracy is a bad business to be in when the user has a choice between easily purchasing the app and visiting an untrustworthy, black-market site.

We have to agree here.  While the current system is not perfect, it’s far better than no protection for developers at all.  And as Bray points out, the GLS is a place to start and a framework that developers on which developers can improve. Software piracy is always going to be a big concern for application developers, and tutorials about how to circumvent it will only keep the big software houses away from the Market.  

Make no mistake — we promote and encourage hacking your phone, provided it’s the "good hacking" we’re talking about.  But unlocking, rooting and customizing hardware you paid for is very different from software theft.  We applaud Google for facing this one head on, and look forward to their follow up.  [Android Developers Blog]

Posted originally at Android Central

Sponsored by Android Cases and Accessories

27
Jul

Google to provide copy protection to Android Market applications [updated]

Android Market copy protection scheme

Google has announced that it will be rolling out a copy protection mechanism for Android Market applications when used with phones running Android 1.5 or higher.  It works kind of like this:

  • Google sets up a special licensing server, which keeps record of application purchases.
  • Developers can use libraries provided by Google that query this server each time the application is started.
  • The server then tells the application if the user has a valid license to use the application.

Relax everyone.  Google already has this info, it’s how it (and you) keeps track of apps you’ve purchased for re-installation or updating.  All Google has done is allow applications to ping the new server to get a "yes" or "no" on whether or not the user has really paid for the app.  This is a good thing for developers and users alike — at least until someone finds a way around it.  It also means a new SDK is in the works, as this will be out "in the next few months."  Developers can check out the new Licensing Your Applications portion of the Android Developer Guide, and the Android Market Help Center to learn a bit more.  [Android Developers Blog]

Update: There’s a new post on the Android Developers Blog with some clarification and highlights.  Hit the link to see them, here’s a quick overview:  It’s secure, using public/private keys.  Nobody is going to get your details.  User applications don’t talk to the licensing server, the Market handles it all on the back end.  Tools are in place to allow developers handle times when a user may be off line.  This should alleviate some fears, and answer some questions.

Update #2: The original blog post has been updated.  These tools are available for use now, and the old way will be phased out over the coming months.  Maybe the guys in the Android Dev Ecosystem read Android Central :)

 

Posted originally at Android Central

Sponsored by Android Cases and Accessories