
AndroidApps


Google Launches Licensing Service For Android Applications. Google has just announced a new licensing service allowing Android developers to better protect their applications from unauthorized use. The free service uses a secure mechanism to control access to all paid apps on the Android Market and is available for apps running on Android 1.5 firmware or higher. To protect their work, developers must include a set of libraries provided by Google that query the Android Market upon launch to determine the license status of the app's users. The service then returns information on whether the user is authorized to access the app, based on stored sales records.

The service provides a real-time solution for protecting a developer's work without having to enforce copy protection, something that Apple deploys on iOS with its FairPlay DRM. Google will replace the current Android Market copy-protection system with the new licensing service; developers are encouraged to check the Android Developer Guide to learn how to license their apps immediately.

[EXCLUSIVE] Report: Google’s Android Market License Verification Easily Circumvented, Will Not Stop Pirates | Android Police. [Update: 8/24/10 @ 7:45 PM EST by Aaron] Tim Bray responded to Justin's article, but seems to have misunderstood the goal.

Thus, Justin has written a follow-up article here.

Preface: This article was not written to teach people how to pirate or ridicule Google's Android License Verification Library (LVL) that handles communication with Google's Android Market Licensing Service. I am very much against piracy, and very much pro-Google. I have spent more time researching copy protection for my applications than development of the applications themselves. I would like to thank: the author of Star Hunt, for allowing me to use his application in my demo video; the author of Tasker, for allowing me to use his application, which has the best implementation of LVL I found, in this article. Both of these applications are available in the market - I highly suggest you give them a try.

Introduction: By far the best-looking and nicest option I have seen is Google's own Android Licensing Service. Implications.

Google’s new Android Market piracy prevention system circumvented. At the end of July we reported on a new anti-piracy measure from Google that was aimed at cutting the number of pirate apps available for download outside of the Android Market. It appears that the new licensing service has been circumvented already, allowing a would-be application cracker to completely strip an app of any licensing protection, opening it up for unofficial distribution and pirating.

Android Police has an explanation of how the licensing system can be bypassed which centers on disassembling an application using a .APK disassembler called smali/baksmali. Because the licensing verification library is not part of the app itself, developers have to include it inside their apps, meaning that an “attacker” can manually strip out the library, reassemble the app and then distribute it as he/she sees fit. At the moment, the process is a simple proof of concept.

2 out of 3 Android apps use private data 'suspiciously'. Google's Android operating system doesn't provide controls to adequately protect users' sensitive data, according to a study that found two-thirds of applications monitored used phone numbers, geolocation, and other information “suspiciously.”

The study – by computer scientists at Pennsylvania State University, Duke University, and Intel Labs – randomly selected 30 of the most popular apps from Google's Android Market that access personal information and closely tracked how much of it they transmitted. Fifteen of the apps reported users' locations to remote advertising servers and seven applications broadcast the handset's device number or phone number to outside servers. In almost all the cases, the information was collected without informing users about what was happening. In some cases, information was reported as frequently as every 30 seconds. A PDF of the paper is available here and a list of frequently asked questions is here.