On Tue, Jan 15, 2013 at 3:28 AM, btschumy <b...@otherwise.com> wrote: > > On startup, our app now compares the public key returned by this function to > an internal copy of our correct, known public key. If the comparison fails, > the app posts a notification to our server, then quits. The notification > contains a copy of the incorrect public key.
This is not particularly reliable: if I repackage your app, I can change whatever 'internal' values you have. Additionally, some tools will patch stuff in dalivk-cache without ever touching your apk. And, of course, it can be pirated without being repackaged. > > Then, on friday Jan 11th, we got another notification that our anti-piracy > check has been triggered. In both cases, the incorrect public key was as > follows: > > 308204a830820390a003020102020900b3998086d056cffa300d06092a864 ... > I won't post a copy of our own (correct) public key here, but it is very > different from the one above. > This doesn't appear to be the full string, so it doesn't form a valid certificate, but if you convert to binary and run strings on it, you get this: California1 Mountain View1 Android1 Android1 Android1"0 android@android.com0 080415224050Z 350901224050Z0 Not that this proves anything (anyone can generate a certificate with those names), but FIY. -- You received this message because you are subscribed to the Google Groups "Android Developers" group. To post to this group, send email to android-developers@googlegroups.com To unsubscribe from this group, send email to android-developers+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/android-developers?hl=en