Um, no. You should read up on public key cryptography.

Their substitute server will not work, because it will not have the
proper private key corresponding to the expected certificate. So to
get started, they'll have to also replace the public certificate that
it's expecting. That would be in the platform, not the app.

But they're also, with the first byte they change, going to invalidate
the signature on the code they're modifying, so it won't even load any
more.

So they're going to have to get around that, as well.

Basically, they're going to end up having to hack and re-sign the app,
and hack and re-sign the OS, and persuade every purchaser to use their
replacement OS build (which they'll have to manage per phone model).

Only a moron would give complete control over their phone -- including
future updates -- over to a pirate. True, there may be a sufficient
market of morons to support such activity. I'm not claiming it would
never happen.

But I don't think that justifies "...and your whole system is dead in
the water".

(Note that there are better ways to bypass any such check than editing
the URL -- I'm just commenting on your supposedly trivial approach).

On Aug 21, 6:16 pm, neptune2000 <papa.ma...@gmail.com> wrote:
> Do you obfuscate the URLs that contact the Android Market Licensing
> server? If you do not, the first thing that the crackers will do is
> replace your server URLs with bogus ones with a hex editor, and your
> whole system is dead in the water. Please advise.
>
> On Jul 27, 1:53 pm, Trevor Johns <trevorjo...@google.com> wrote:
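
The private-key point made in the reply above, as an added example that is not part of the original post and is not Android licensing code: a client that accepts a response only when its signature verifies under the public key it already trusts will reject a response signed with any other key, and will reject a genuine response whose bytes were changed. The class name, message format and key pairs are constructed for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Signature;

public class SignedResponseDemo {
    // Client side: accept only if the signature verifies under the trusted key.
    static boolean accept(PublicKey trusted, byte[] body, byte[] sig) {
        try {
            Signature v = Signature.getInstance("SHA256withRSA");
            v.initVerify(trusted);
            v.update(body);
            return v.verify(sig);
        } catch (GeneralSecurityException e) {
            return false; // malformed signature or unusable key: reject
        }
    }

    // Server side: sign the response body with the server's private key.
    static byte[] sign(PrivateKey key, byte[] body) throws GeneralSecurityException {
        Signature s = Signature.getInstance("SHA256withRSA");
        s.initSign(key);
        s.update(body);
        return s.sign();
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair genuine = kpg.generateKeyPair();    // the real server's key pair
        KeyPair substitute = kpg.generateKeyPair(); // a server behind a swapped-in URL
        PublicKey trusted = genuine.getPublic();    // the key the client expects

        // Constructed sample response body (hypothetical format).
        byte[] body = "LICENSED|com.example.app|nonce=12345".getBytes(StandardCharsets.UTF_8);
        byte[] goodSig = sign(genuine.getPrivate(), body);
        byte[] fakeSig = sign(substitute.getPrivate(), body);

        byte[] tampered = body.clone();
        tampered[0] ^= 0x01; // change a single byte of the signed data

        System.out.println("genuine server:      " + accept(trusted, body, goodSig));
        System.out.println("substitute server:   " + accept(trusted, body, fakeSig));
        System.out.println("tampered, old sig:   " + accept(trusted, tampered, goodSig));
    }
}
```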
