There's clearly no way to stuff the signature into the apk without
altering the apk's signature.

But look at the problem we are trying to solve: Stop a pirate taking
an apk, hacking in their own resources, package name (and possibly Ad
Ids) and publishing as their own app.
Resources are easy for them to hack in.
Hacking compiled code is hard.
Hacking obfuscated code is much harder still.

The one thing that it seems they will have to do is to change your
package name to theirs, otherwise Market (AFAICT) won't allow a
duplicate package name to be published.
So is it sufficient to just confirm that the package name is the same?
This is simple to do and you could even check for partial string
matches within the package name to make it harder for them to find and
hack out the checks.

Or maybe I'm just smoking crack.


On Oct 7, 8:44 am, DanH <danhi...@ieee.org> wrote:
> Supposedly PackageInfo.signatures[0] gives you the signature.
> However, there's a Catch-22: You can't get the signature until the app
> is packaged, and you can't modify the app to insert the signature
> after it's been packaged.
>
> It would be better if one could get the public key used to sign the
> package, but that's apparently not accessible.
>
> On Oct 6, 5:21 pm, "Raymond C. Rodgers" <raym...@badlucksoft.com>
> wrote:
>
> >   Until now, I haven't really concerned myself with app piracy; I only
> > have one app under my belt for Android, it's in beta and it's free. I'm
> > about to start development on another app and looking to use ProGuard
> > for obfuscation and LVL as I would like to make it a paid app, and I've
> > been wondering something ever since the news that LVL had been
> > circumvented months ago. Is it possible to check the .apk's signature
> > from within the API? If not currently, perhaps Google might add some
> > code to Android itself or to the API to enable LVL to make sure that the
> > .apk signature matches the signature that Android Market already has on
> > file?
>
> > Just a thought, not even necessarily a feasible one.
> > Raymond

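The two runtime checks discussed in this thread, as an added example that is not code from any of the posters: it compares the package name and a SHA-256 digest of each entry in `PackageInfo.signatures`. On Android those entries are the signing certificates, which exist before the APK is built, so the expected digest can be compiled in. The class name, `EXPECTED_PACKAGE` and `EXPECTED_CERT_SHA256` are placeholders assumed for illustration.

```java
import android.content.Context;
import android.content.pm.PackageInfo;
import android.content.pm.PackageManager;
import android.content.pm.Signature;

import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;

/** Added example (hypothetical class): package-name and signing-certificate check. */
public final class IntegrityCheck {
    // Assumptions: replace with your real package name and the lowercase hex
    // SHA-256 digest of your release signing certificate.
    private static final String EXPECTED_PACKAGE = "com.example.myapp";
    private static final String EXPECTED_CERT_SHA256 = "<sha256-hex-of-release-certificate>";

    private IntegrityCheck() {}

    /** Returns true only if the package name and every signer certificate match. */
    public static boolean looksGenuine(Context context) {
        // Package-name check suggested in the thread.
        if (!EXPECTED_PACKAGE.equals(context.getPackageName())) {
            return false;
        }
        try {
            PackageInfo info = context.getPackageManager().getPackageInfo(
                    context.getPackageName(), PackageManager.GET_SIGNATURES);
            Signature[] signers = info.signatures;
            if (signers == null || signers.length == 0) {
                return false;
            }
            // A re-signed APK carries a different certificate, so its digest differs.
            for (Signature signer : signers) {
                byte[] digest = MessageDigest.getInstance("SHA-256")
                        .digest(signer.toByteArray());
                if (!EXPECTED_CERT_SHA256.equals(toHex(digest))) {
                    return false;
                }
            }
            return true;
        } catch (PackageManager.NameNotFoundException | NoSuchAlgorithmException e) {
            return false; // fail closed if the lookup or digest is unavailable
        }
    }

    private static String toHex(byte[] bytes) {
        StringBuilder sb = new StringBuilder(bytes.length * 2);
        for (byte b : bytes) {
            sb.append(String.format("%02x", b & 0xff));
        }
        return sb.toString();
    }
}
```

Like the package-name check, this runs inside the APK itself, so it raises the cost of repackaging rather than preventing it; obfuscating the check, as the thread suggests, makes it harder to locate and remove.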