(Replying all...) On Thu, Nov 15, 2012 at 8:38 PM, Nikolay Elenkov <[email protected]>wrote:
> On Fri, Nov 16, 2012 at 10:30 AM, Kristopher Micinski > <[email protected]> wrote: > > That's right, there's no special signing on the Play store level, though > > *every* app is signed by a developer, paid or unpaid. (And of course, > there > > are other app stores as well...) > > While this is not signing per se, paid apps are encrypted with a > device-specific key before > being distributed to JB+ devices. They are decrypted on the device as > part of the installation > process, which may additionally create an encrypted container for the > app (forward locking) > > Yes, perhaps I should clarified, and I believe you have a link as to the relevant implementation details on your blog.. Information about who bought which app is kept on the Play Store > servers, and you can > request it using LVL or RESTORE_TRANSACTIONS for in-app billing and > implement online > license checking. It is not embedded in the actual APKs though. > Yes, kris -- You received this message because you are subscribed to the Google Groups "Android Security Discussions" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/android-security-discuss?hl=en.
