> All copy protection systems have two parts - something they bind to, > and the obfuscation that makes it harder to rip that binding out.
This is basically correct, if you assume that things like encryption are bundled under the umbrella of obfuscation. > So there are obviously two ways copy protection schemes get cracked. > One is that the binding is removed - the obfuscation wasn't good > enough. That's what was being done in the recently published tutorial. > In that case there was no obfuscation at all! This isn't true. If you look back at the article on AndroidPolice proguard was used on at least one of the applications. Furthermore, my contention has been all along that code obfuscation is not going to protect apps all that well. Manual LVL modification might be able to make it difficult for "auto-crack" scripts to remove LVL without human intervention, but I think that regular old obfuscation is going to not be very effective. > Obfuscation is the only thing that will improve this situation! The > two pronged attack is split down the middle - LVL makes obfuscation > your problem and preventing illegitimate licenses being vended Googles > problem. Again, my contention is that something stronger than obfuscation is needed to lock the APK down. OS-level APK encryption support in addition to license verification. I would like to see us get to the point that users must choose to root the phone (similar to Apple) in order to use pirated apps. Better yet, users must root the phone and in so doing remove the legal ability to access some desirable piece of software. I realize that it's easy for me to rant on about what I want, and very difficult for Google to strike the right balance between open and lucrative. My fear at this point is that we're establishing a culture of piracy on Android that is going to be difficult to turn around. Dave On Aug 25, 8:16 am, Mike Hearn <mh.in.engl...@gmail.com> wrote: > > LVL is flawed in the same ways that AAL (and other similar approaches) > > is flawed. Google could do better, and I hope that they will. > > I think it's wrong to focus on what Google could or could not do here. > Did you read my reply to your original mail? If so what did you think > of it? > > All copy protection systems have two parts - something they bind to, > and the obfuscation that makes it harder to rip that binding out. > > Most video games bind to a genuine DVD. Some games, like those > distributed via Xbox Live Arcade, bind to licensing data from an > online market, which is closer to what Android apps are doing. > > So there are obviously two ways copy protection schemes get cracked. > One is that the binding is removed - the obfuscation wasn't good > enough. That's what was being done in the recently published tutorial. > In that case there was no obfuscation at all! Another way is that the > thing the program binds to is swapped out for a duplicate, eg in the > PC world DVD emulation drivers are often used. For Android this > approach means getting a valid license the app accepts in some non- > valid manner. > > > Obfuscation isn't really going to do much to improve the situation. > > Obfuscation is the only thing that will improve this situation! The > two pronged attack is split down the middle - LVL makes obfuscation > your problem and preventing illegitimate licenses being vended Googles > problem. > > Fortunately there's lots of room for creative people to create > interesting obfuscations, either custom for their own product or as a > third party developer who sells copy protection solutions. -- You received this message because you are subscribed to the Google Groups "Android Developers" group. To post to this group, send email to android-developers@googlegroups.com To unsubscribe from this group, send email to android-developers+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/android-developers?hl=en