a little modification on the last question. The SDK API can't get the signature, but it still possible for the developers to get the signature by hack the platform code
2010/12/14 Zhihong GUO <gzhh...@gmail.com> > Hi all, > > I want to make it clear how the VerifyLicense method of the class > ResultListener in class LicenseChecker be called. Is it be called by Android > Market client? > > The VerifyLicense code is as below: > > public void verifyLicense(final int responseCode, final String > signedData, > final String signature) { > mHandler.post(new Runnable() { > public void run() { > Log.i(TAG, "Received response."); > // Make sure it hasn't already timed out. > if (mChecksInProgress.contains(mValidator)) { > clearTimeout(); > mValidator.verify(mPublicKey, responseCode, > signedData, signature); > finishCheck(mValidator); > } > } > }); > } > > How the method mValidator.verify can guarantee the response is not faked, > by its three parameters, mPublicKey, signedData, and signature, if the > signature here can be get from SDK API? > -- You received this message because you are subscribed to the Google Groups "Android Developers" group. To post to this group, send email to android-developers@googlegroups.com To unsubscribe from this group, send email to android-developers+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/android-developers?hl=en