On Tue, Jul 27, 2010 at 11:54 PM, Ken <[email protected]> wrote: > it's very new and i just notice it this morning. i want to know how > google handle something like dns fraud? > > for example, if google is connecting to licensing.google.com for > licensing checking, what if the one manually point the host name to > his server which can providing fake licensing result? > > Regards, > Ken
That's why we use public-key cryptography to sign license responses. The fake licensing server wouldn't have access to the private key. As a result, the forged license response would fail verification. -- Trevor Johns Google Developer Programs, Android http://developer.android.com -- You received this message because you are subscribed to the Google Groups "Android Developers" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/android-developers?hl=en
