On Tue, Aug 24, 2010 at 1:20 PM, keyeslabs <keyes...@gmail.com> wrote:

> LVL is flawed in the same ways that AAL (and other similar approaches)
> is flawed.  Google could do better, and I hope that they will.
> Obfuscation isn't really going to do much to improve the situation.
> What is really needed is O/S-level and app store support for signing
> apps (in real time) based on user credentials, application authors,
> and phone characteristics.  The dependence on the android market app
> is a single point of failure that is too easy to search for and find
> regardless of how obfuscated your code is.
>

I'm curious, how do you see this helping much?  We are already to the point
of people having to modify an app to pirate it.  Once you do that, you need
to strip the credentials off anyway and sign it with your own cert.


> From a technical standpoint, LVL will help to some degree, but I've
> got to think that in terms of P.R., Google did themselves more harm
> than good here.
>

LVL wasn't done for PR, but to have a better solution to forward locking,
and which eliminates many of the problems of forward locking that have been
causing trouble for a long time.

-- 
Dianne Hackborn
Android framework engineer
hack...@android.com

Note: please don't send private questions to me, as I don't have time to
provide private support, and so won't reply to such e-mails.  All such
questions should be posted on public forums, where I and others can see and
answer them.
