Regarding signature checking - I think having LVL check the signature against the correct one (known to Market) would be very useful in thwarting attacks on LVL based on modifying the application code.
Pirates (hackers) don't have access to the developer's private key, so after modifying the application, they have to sign it using some other key. This could be detected by the Market server when performing LVL checks. -- Kostya Vasilyev -- http://kmansoft.wordpress.com 02.10.2010 1:12 пользователь "DanH" <danhi...@ieee.org> написал: In theory there's no need to checksum your apk file, unless you suspect it's being dynamically modified. The apk was signed with your private key, and can't be modified by anyone else without invalidating the signature. What you really want to be sure of is that the application is signed with your certificate. (Of course, I've not yet found a way to access that info.) On Sep 28, 1:30 am, Asker <mallorc...@gmail.com> wrote: > Hi, > > Following the examples given by Johns Trevor in order to secure > Android LVL Applications... -- You received this message because you are subscribed to the Google Groups "Android Developers" group. To post to this group, send email to android-developers@googlegroups.com To unsubscribe from this group, send email to android-developers+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/android-developers?hl=en
