Thanks Earlance. There's not much there: "Starting with Android 4.1, Google Play will help protect application assets by encrypting all paid apps with a device-specific key before they are delivered and stored on a device."
It is the only thing I have been able to find on the topic after you mentioned it. I have a number of Google Alerts set up, and none have fired. Perhaps the folks at Google could blog about it. For what its worth, when I see "device-specific key," I also think of mis-uses, such as tracking. Since the APK is encrypted before being sent to the device, that implies others [Google, et al] have this unique information. Jeff On Fri, Jun 29, 2012 at 12:47 AM, Earlence <[email protected]> wrote: > http://developer.android.com/about/versions/jelly-bean.html > > -Earlence > > On Jun 29, 4:59 am, Jeffrey Walton <[email protected]> wrote: >> On Thu, Jun 28, 2012 at 12:11 AM, Earlence <[email protected]> wrote: >> > Google states that apps downloaded from play will be encrypted on the >> > device. >> > I have a few questions: >> >> > 1. From the documentation, it seems that the APK will be stored in >> > encrypted form in the /data/ partition. If so, does this mean that on >> > every execution, a decryption takes place? If so, the key has to be >> > retrieved onto the device, probably from the users gmail account. >> >> > 2. If I change my device, will my apps go away? The docs say device >> > specific key. Maybe this is an incorrect term? The key should be >> > associated with a key derived from the gmail account? >> >> > 3. If the app is encrypted before download to the device, this means 2 >> > things: a. the key is associated with the gmail account or b. google >> > play talks to the device and the key is really stored on the device >> > somewhere. >> >> My Google-fu is off today - I'm not getting any relevant hits from >> Google or Android's >> sites.https://encrypted.google.com/#q=google+play+apk+encryption+site:andro... >> >> Could you post a link? -- You received this message because you are subscribed to the Google Groups "Android Security Discussions" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/android-security-discuss?hl=en.
