I've just re-read your last paragraph and felt I should address some of 
the claims you've made.

To crack the AndAppStore uses 1024 RSA encryption which is considered 
secure, and even if a cracker got the public key used to decrypt the 
license information in the application that would only show them what's 
in the license, it wouldn't allow them to create their own licenses, and 
so it works on all Android platforms.

If you compare this to the current Android Copy Protection mechanism, it 
relies on applications not being installed on rooted devices (be it G1 
or ADP1), and once a cracker has got the apk on a rooted device and 
copied it they are then free to distribute it as and when they wish.

JBQ has pointed out that the current system suffered under time 
constraints, and I have *never* called the engineers a bunch of 
amateurs, or claimed to be the world's greatest security expert; the 
point I'm making is that Google, as an organisation, agreed to, 
designed, developed, and rolled out a solution which did not meet the 
needs of developers from day 1.

Al.

Jon Colverson wrote:
> On Feb 27, 10:12 pm, Al Sutton <a...@funkyandroid.com> wrote:
>   
>> DRM tends to be based on Cryptography and yes, all cryptography is
>> breakable
>>     
>
> NO, NO, NO, NO, NO, NO, NO!
>
> Cryptography is intended to be used for, and effective at,
> transmitting a message secretly between two parties (A -> B) without a
> third-party (E, for eavesdropper) being able to intercept it. The goal
> of DRM is to transmit a message (in this case, the application) to the
> user's device, without the user being able to get access to it.
> Unfortunately the user owns the device and can do whatever they like
> with it, so B is the same person as E, and cryptography cannot solve
> this problem. If you encrypt the software then you simply move the
> problem. You can then put the encrypted software in plain sight, but
> you have to hide the keys and the temporarily unencrypted software on
> the device. You can try and make it difficult to find the keys, but
> major players have spent millions of dollars trying to do this and
> failed. It may take a substantial amount of effort and/or special
> equipment to break the DRM, but once it is broken the unencrypted
> software can be as freely distributed as anything else and the whole
> system is worthless.
>
> Also, the statement "all cryptography is breakable" is false. One-time
> pad cryptography is provably unbreakable and quantum cryptography is
> provably unbreakable according to known physics. More practically, RSA
> cryptography is effective and not proven to be breakable unless you
> have a quantum computer lying around or you're sitting on a proof of
> P=NP that you haven't gotten around to publishing yet.
>
> All DRM is breakable, and not because of the strength of any
> cryptography used with it.
>
>   
>> Most DRM doesn't cause anyone any pain when the content is used in the
>> manner for which a license has been purchased, the "pain" tends to come
>> when people want to use content in ways they may not have a license for
>> (e.g. ripping a movie to a hard disk in a different format, moving
>> software between machines).
>>     
>
> Or, "Fair use" as it is referred to in some jurisdictions.
>
>   
>> I'd happily accept measures to allow content
>> providers (such as developers) to protect themselves against the
>> minority of users who rip them off by freely handing out copies of
>> applications because at the level we're dealing with sales of 10 or 20
>>     
>
> No DRM can stop a determined attacker. The Android DRM stops the un-
> determined one. Therefore the Android DRM is as good as any DRM can
> be. Stop complaining about it as if Google engineers are all amateurs
> and you're the world's greatest computer security expert. The
> AndAppStore DRM is as trivial to break as any other. It wouldn't even
> require an unlocked device or an ADP1 to break it.
>
> --
> Jon
>


-- 

* Written an Android App? - List it at http://andappstore.com/ *

======
Funky Android Limited is registered in England & Wales with the 
company number  6741909. The registered head office is Kemp House, 
152-160 City Road, London,  EC1V 2NX, UK. 

The views expressed in this email are those of the author and not 
necessarily those of Funky Android Limited, its associates, or its 
subsidiaries.
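
The property claimed in the reply above (a public key embedded in the application can check a license but cannot produce one), as an added example that is not part of the thread and is not AndAppStore's code. It assumes the license is a byte string signed with RSA PKCS#1 v1.5 over SHA-256; the function names, license fields and 2048-bit key size are illustrative assumptions.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// IssueLicense runs on the store's server, the only place the private key lives.
func IssueLicense(priv *rsa.PrivateKey, license []byte) ([]byte, error) {
	digest := sha256.Sum256(license)
	return rsa.SignPKCS1v15(rand.Reader, priv, crypto.SHA256, digest[:])
}

// VerifyLicense is the check shipped in the app; it needs only the public key.
func VerifyLicense(pub *rsa.PublicKey, license, sig []byte) bool {
	digest := sha256.Sum256(license)
	return rsa.VerifyPKCS1v15(pub, crypto.SHA256, digest[:], sig) == nil
}

// Demo reports whether the embedded public key accepts (1) a genuine license,
// (2) an edited license reusing that signature, (3) one signed by another key.
func Demo() (bool, bool, bool, error) {
	store, err1 := rsa.GenerateKey(rand.Reader, 2048)
	stranger, err2 := rsa.GenerateKey(rand.Reader, 2048)
	if err1 != nil || err2 != nil {
		return false, false, false, fmt.Errorf("keygen: %v, %v", err1, err2)
	}
	// Constructed sample licenses; the field layout is an assumption.
	lic := []byte("app=com.example.game;device=constructed-id-0001")
	bad := []byte("app=com.example.game;device=constructed-id-0002")
	sig, err1 := IssueLicense(store, lic)
	badSig, err2 := IssueLicense(stranger, bad)
	if err1 != nil || err2 != nil {
		return false, false, false, fmt.Errorf("signing: %v, %v", err1, err2)
	}
	pub := &store.PublicKey // all that the shipped application holds
	return VerifyLicense(pub, lic, sig), VerifyLicense(pub, bad, sig),
		VerifyLicense(pub, bad, badSig), nil
}

func main() {
	fmt.Println(Demo()) // true false false <nil>
}
```

This shows only that a license cannot be minted or altered with the public key. Whether the check itself holds up on a device the user controls is the separate objection raised in the quoted message.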

