Tim,
Removing or stubbing calls to licensing service inside Market App is
difficult, since those calls use encrypted responses. This is not
trivial to mess with.
The LVL library and the application, or the communication between them,
is the easier point of attack. In fact, the original blog post
described a hack that messed with the way the application communicated
with the LVL.
A hack that is not overly complicated makes an application that still
communicates with Android Market, but, because of code changes, is
signed with a new key. This is the case that can be detected.
-- Kostya
25.08.2010 21:31, strazzere пишет:
I'm not sure how this would make code modification impossible?
You patch the application, make it always return a "yes, it was ok" to
the licensing service inside the apk. Application then requests
authentication, it fails, failure comes to application which still
continues to say "yes, it was ok".
So yes, your going to have the market return a fail always, but if
you've patched the application to *not* care, how is that actually
helping?
-Tim
On Aug 25, 10:13 am, Kostya Vasilyev<kmans...@gmail.com> wrote:
25.08.2010 21:04, Dianne Hackborn пишет:> If there are other suggestions
that will actually make things harder
without doing that, I would certainly like to hear them.
Um, make the Market App side of LVL check that the application making
LVL calls is signed with the same key as the .apk uploaded to Developer
Home?
Seems this would make attacks based on code modifications pretty much
impossible, since a modified .apk is signed with a different key from
the developer's.
--
Kostya Vasilev -- WiFi Manager + pretty widget --http://kmansoft.wordpress.com
--
Kostya Vasilyev -- WiFi Manager + pretty widget -- http://kmansoft.wordpress.com
--
You received this message because you are subscribed to the Google
Groups "Android Developers" group.
To post to this group, send email to android-developers@googlegroups.com
To unsubscribe from this group, send email to
android-developers+unsubscr...@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/android-developers?hl=en
