Hello,

I am trying to understand if the following can be considered a valid 
strategy to mitigate the risk of my (free) app getting hacked.

I am considering reading my developer public key via:

    PackageInfo info = pm.getPackageInfo("xxx.xxx.xxx.xxx",
            PackageManager.GET_SIGNATURES);

I would then send the retrieved public key via HTTPS to my server, which 
will then decide (and enable or not some online features) if the app is 
genuine or not, by checking if that is indeed my public key.

Can anybody give me feedback on this approach?
Is it true that it is not possible to change the Dalvik code (for example 
putting a line to log my public key) without having to re-sign the APK with 
a different key?

Thanks
Andrea
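
The server-side half of the check described above, as an added example that is not part of the original post: it assumes the app uploads each entry of PackageInfo.signatures as base64 (Signature.toByteArray()), and the function names and the sample certificate are constructed for illustration. The server sees only what the client chooses to send, so a match confirms the reported value, not which code produced it.

```python
import base64
import binascii
import hashlib
import hmac

# Constructed stand-in for the developer's DER-encoded signing certificate;
# a real deployment pins the SHA-256 of its own release certificate.
SAMPLE_RELEASE_CERT = b"constructed-sample-release-certificate"
PINNED_FINGERPRINTS = frozenset({hashlib.sha256(SAMPLE_RELEASE_CERT).hexdigest()})


def fingerprint(cert_b64: str) -> str:
    """SHA-256 hex digest of one base64-encoded certificate."""
    try:
        der = base64.b64decode(cert_b64, validate=True)
    except (binascii.Error, ValueError) as exc:
        raise ValueError("malformed certificate encoding") from exc
    if not der:
        raise ValueError("empty certificate")
    return hashlib.sha256(der).hexdigest()


def is_expected_signer(reported_certs_b64: list[str]) -> bool:
    """True only if the reported signer set equals the pinned set exactly.

    PackageInfo.signatures is an array, so an "any entry matches" test would
    accept a package that carries the genuine certificate next to another one.
    """
    if not reported_certs_b64:
        return False
    try:
        reported = {fingerprint(c) for c in reported_certs_b64}
    except ValueError:
        return False  # malformed input is treated as "not genuine"
    if len(reported) != len(PINNED_FINGERPRINTS):
        return False
    # Constant-time comparison of each digest against the pinned values.
    return all(
        any(hmac.compare_digest(r, p) for p in PINNED_FINGERPRINTS)
        for r in reported
    )
```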
