Android app licensing cracked in less than a month

This isn’t entirely surprising, but I’ve never had problems like this with my old-fashioned “dumb phone” …

There has been some concern about smartphone apps in recent weeks after a malware app that sent premium-rate text messages to make money for criminals worked its way into the Android store. What’s more, the BBC demonstrated a proof-of-concept Java app that seemed to be a simple game of noughts and crosses but was copying contacts and emails in the background.

Now, NeoWin is reporting that the new licensing scheme for Android apps has been cracked less than a month after coming on-line.

The “Licensing Service for Android Applications” was supposed to provide developers a “secure mechanism to manage access to all Android Market paid applications.”  In theory, the new licensing system would verify against the Android Market licensing server, which would in turn verify the application against existing sales records. If no sales records were found, the application would show an error explaining that it was not properly licensed.

The man responsible for cracking the security has published a paper on his website in which he details how to reprogram an app written in Java, the language most Android apps are written in, to change its status from unlicensed to licensed.

He says…

I am very much against piracy, and very much pro-Google. I have spent more time researching copy protection for my applications than development of the applications themselves.  Our findings show that most (any?) apps can be easily patched and stripped of licensing protection, making them an easy target for off-Market, pirated distribution. By corollary, this means that sites dedicated to pirating apps can continue to do so, using a few automated scripts mixed with some smarts.

He also provides a video demonstrating his findings.  Google have not yet commented on the crack.

© Mike Halsey for gHacks Technology News, 2010.