Encrypting the .apk is like forward-locking; it is easily defeated on rooted phones.
On 08/25/10 13:33, keyeslabs wrote: > > That's not what I was picturing. Isn't there some way that we could > do both? Apps downloaded from market could be encrypted and only > decrypted by the OS when used (in real time, never decrypted and left > as an open APK on the device). I guess what I'm looking for is the > market to encrypt and sign an APK in real time for a particular user/ > phone when downloaded. Each download would result in different bytes > for each user/phone > > This doesn't necessarily preclude the installation of unencrypted apps > does it? I totally agree that we need app distribution capabilities > outside the context of Android Market -- it's a necessity for an open > platform. > > In a nutshell, what I'm hoping LVL can grow into is a system that > packages license verification in a way that is really really hard to > remove. It seems like we've got half of that equation nicely under > way with LVL in its current form. > > Dave > > -- You received this message because you are subscribed to the Google Groups "Android Developers" group. To post to this group, send email to android-developers@googlegroups.com To unsubscribe from this group, send email to android-developers+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/android-developers?hl=en
