a little modification on the last question. The SDK API can't get the
signature, but it still possible for the developers to get the signature by
hack the platform code
2010/12/14 Zhihong GUO <gzhh...@gmail.com>
> Hi all,
>
> I want to make it clear how the VerifyLicense method of the class
> ResultListener in class LicenseChecker be called. Is it be called by Android
> Market client?
>
> The VerifyLicense code is as below:
>
> public void verifyLicense(final int responseCode, final String
> signedData,
> final String signature) {
> mHandler.post(new Runnable() {
> public void run() {
> Log.i(TAG, "Received response.");
> // Make sure it hasn't already timed out.
> if (mChecksInProgress.contains(mValidator)) {
> clearTimeout();
> mValidator.verify(mPublicKey, responseCode,
> signedData, signature);
> finishCheck(mValidator);
> }
> }
> });
> }
>
> How the method mValidator.verify can guarantee the response is not faked,
> by its three parameters, mPublicKey, signedData, and signature, if the
> signature here can be get from SDK API?
>
--
You received this message because you are subscribed to the Google
Groups "Android Developers" group.
To post to this group, send email to android-developers@googlegroups.com
To unsubscribe from this group, send email to
android-developers+unsubscr...@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/android-developers?hl=en
