Isn't that only because the APK gets decrypted and written to "disk" as opposed to only being done in transient memory as the application is launched? There's an application startup overhead obviously to decrypting the APK on-the-fly, but seems like a much higher bar than just cp /data/app/foo.apk...
Dave On Aug 25, 1:50 pm, Michael MacDonald <googlec...@antlersoft.com> wrote: > Encrypting the .apk is like forward-locking; it is easily defeated on > rooted phones. > > On 08/25/10 13:33, keyeslabs wrote: > > > > > That's not what I was picturing. Isn't there some way that we could > > do both? Apps downloaded from market could be encrypted and only > > decrypted by the OS when used (in real time, never decrypted and left > > as an open APK on the device). I guess what I'm looking for is the > > market to encrypt and sign an APK in real time for a particular user/ > > phone when downloaded. Each download would result in different bytes > > for each user/phone > > > This doesn't necessarily preclude the installation of unencrypted apps > > does it? I totally agree that we need app distribution capabilities > > outside the context of Android Market -- it's a necessity for an open > > platform. > > > In a nutshell, what I'm hoping LVL can grow into is a system that > > packages license verification in a way that is really really hard to > > remove. It seems like we've got half of that equation nicely under > > way with LVL in its current form. > > > Dave -- You received this message because you are subscribed to the Google Groups "Android Developers" group. To post to this group, send email to android-developers@googlegroups.com To unsubscribe from this group, send email to android-developers+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/android-developers?hl=en
