Seems like I was unfortunately very right on this prediction.  Just
off by a few days :).

LVL is flawed in the same ways that AAL (and other similar approaches)
is flawed.  Google could do better, and I hope that they will.
Obfuscation isn't really going to do much to improve the situation.
What is really needed is O/S-level and app store support for signing
apps (in real time) based on user credentials, application authors,
and phone characteristics.  The dependence on the android market app
is a single point of failure that is too easy to search for and find
regardless of how obfuscated your code is.

From a technical standpoint, LVL will help to some degree, but I've
got to think that in terms of P.R., Google did themselves more harm
than good here.

Dave

On Jul 31, 5:21 pm, keyeslabs <keyes...@gmail.com> wrote:
> Speaking as someone who has traveled this road before with my own
> implementation of basically the same approach, obfuscation will be
> critical.  With AAL, it took about three days for someone to crack the
> app.  The process looks something like this:  decompile the apk using
> a freely available open source tool, find the code that invokes the
> licensing check, skip it, recompile and repackage the apk.
> Obfuscation will make this more difficult, but not all that tough
> given the usage of intents for communication between LVL and the
> market tool.
>
> Don't get me wrong, I think that LVL will offer a much needed road
> bump for pirates -- stealing apps will actually require a crack of
> each app.  This is a viable approach to license verification and
> that's why I took the same route with AAL months ago.  It certainly
> seems like google could have gone further though.
>
> The coverage of this has been very extensive in the press, and I would
> guess the coverage of the first released crack within a week or two
> will also make a fairly big splash, which won't look great for the
> platform.
>
> All told though, I think LVL is a positive step for the platform.
> Speaking as someone that was seeing 90%+ piracy rates before
> implementing something very similar to LVL in my own apps, I'm happy
> to see google addressing the problem.
>
> DaveKeyes
>
> On Jul 27, 5:44 pm, sblantipodi <perini.dav...@dpsoftware.org> wrote:
>
> > I haven't understood if, using this library, external obfuscation
> > (proguard for example) is needed
> > for security reasons or if we can avoid using an external obfuscator; it's
> > quite a pain using proguard in netbeans plus android sdk.
>
> > On Jul 27, 10:24 pm, Sebastian Rodriguez <srodrig...@gmail.com> wrote:
>
> > > I agree with Anton Persson. When will Google realize that opening the paid
> > > market to all the other countries is crucial for the market environment :(
> > > We don't have access to them here in Singapore either.
>
> > > But this is a major step already, let's hope for even better!
>
> > > Seb
>
> > > On 28 July 2010 04:19, Kaj Bjurman <kaj.bjur...@gmail.com> wrote:
>
> > > > I saw that entry, and have a question.
>
> > > > What will happen if the user doesn't have network connectivity? Many
> > > > > users turn off data traffic when they travel to other countries, but
> > > > > they probably still want to use the licensed applications.
>
> > > > > On 27 July, 19:55, Trevor Johns <trevorjo...@google.com> wrote:
> > > > > Android fans,
> > > > > For those of you who haven't already heard through our blog, we've
> > > > > just launched the Android Market licensing service:
>
> > > > > > http://android-developers.blogspot.com/2010/07/licensing-service-for-...
>
> > > > > From the above blog post:
>
> > > > > "This simple and free service provides a secure mechanism to manage
> > > > > access to all Android Market paid applications targeting Android 1.5
> > > > > or higher. At run time, with the inclusion of a set of libraries
> > > > > provided by us, your application can query the Android Market
> > > > > licensing server to determine the license status of your users. It
> > > > > returns information on whether your users are authorized to use the
> > > > > app based on stored sales records."
>
> > > > > Developer documentation is available here:
>
> > > > > > http://developer.android.com/guide/publishing/licensing.html
>
> > > > > Happy coding!
>
> > > > > --
> > > > > Trevor Johns
> > > > > > Google Developer Programs, Android http://developer.android.com
>
> > > > --
> > > > You received this message because you are subscribed to the Google
> > > > Groups "Android Developers" group.
> > > > To post to this group, send email to android-developers@googlegroups.com
> > > > To unsubscribe from this group, send email to
> > > > > android-developers+unsubscr...@googlegroups.com
> > > > > For more options, visit this group at
> > > > > http://groups.google.com/group/android-developers?hl=en
>
> > > --
> > > Sebastien Rodriguez
