Yeah, that's essentially what I was saying. On Oct 1, 4:45 pm, Kostya Vasilyev <[email protected]> wrote: > Regarding signature checking - I think having LVL check the signature > against the correct one (known to Market) would be very useful in thwarting > attacks on LVL based on modifying the application code. > > Pirates (hackers) don't have access to the developer's private key, so after > modifying the application, they have to sign it using some other key. This > could be detected by the Market server when performing LVL checks. > > -- > Kostya Vasilyev --http://kmansoft.wordpress.com > > 02.10.2010 1:12 пользователь "DanH" <[email protected]> написал: > > In theory there's no need to checksum your apk file, unless you > suspect it's being dynamically modified. The apk was signed with your > private key, and can't be modified by anyone else without invalidating > the signature. > > What you really want to be sure of is that the application is signed > with your certificate. (Of course, I've not yet found a way to access > that info.) > > On Sep 28, 1:30 am, Asker <[email protected]> wrote: > > > Hi, > > > Following the examples given by Johns Trevor in order to secure > > Android LVL Applications...
-- You received this message because you are subscribed to the Google Groups "Android Developers" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/android-developers?hl=en
