I have no experience in cryptography, hence this basic question about the AESObfuscator in Android LVL.

The AESObfuscator uses app-specific info (say package id), device-specific info (say android.provider.Settings.Secure.ANDROID_ID) and a salt to generate a key to encrypt the SharedPreference file where the ServerManagedPolicy stores my license information. Now, the app id and the device id are well known. It will be a simple matter to decompile my app to obtain the salt even if I obfuscate my code. Won't somebody be able to generate the key using the three values and edit the SharedPreferences file easily on a rooted phone?

On a non-rooted phone I guess I can just make the file private and nobody else will be able to access it, but what do I do on rooted phones?

I can't help feeling I am missing something here. Why else would the documentation on LVL put so much emphasis on refactoring and obfuscating LVL to prevent others from patching the library when a much simpler way would be to just get the salt and edit the preferences file? Can someone enlighten me on this?
~rajorshi

