Hi,

I was trying to implement the suggestions described in the famous article by Tim Bray: http://android-developers.blogspot.com/2010/09/securing-android-lvl-applications.html

I hope I understood the concepts, but I'm experiencing difficulties with the tamper-proof part. In fact, as long as I calculate my apk's CRC32, I can't use that value inside the app because it would obviously change the CRC again. The same problem is also described here: https://groups.google.com/group/android-developers/browse_frm/thread/291ca9f6199e2355/59d63eadf333e5a6?hl=it&lnk=gst&q=crc+lvl#59d63eadf333e5a6

In that post, Dianne Hackborn suggests using binary certificates to check .apk integrity (i.e. the app was not repacked/cracked).

Do you think that this code is effective to do this? (I also obfuscate the code and I made changes to the imported lvl core library as suggested, too):

    PackageInfo inInfo = getApplicationContext().getPackageManager()
            .getPackageInfo("my.package.name", PackageManager.GET_SIGNATURES);
    // I only use a signature
    Signature[] sign = inInfo.signatures;
    if ("MY_LONG_PUBLIC_KEY".compareTo(sign[0].toCharsString()) != 0) {
        tampered = true; // I detected tampering? exit
    }

Are there other easy-to-implement tamper detection techniques?

Thank you,
Alessandro
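An added example, not part of the original post or of the LVL library: the signing-certificate check asked about above, written to compare a SHA-256 digest of the certificate against a pinned value and to fail closed on any unexpected state. The class name `SignatureCheck`, the method `isTampered` and the all-zero `EXPECTED_CERT_SHA256` placeholder are assumptions; the single-signer requirement follows the post's "I only use a signature".

```java
import android.content.Context;
import android.content.pm.PackageInfo;
import android.content.pm.PackageManager;
import android.content.pm.Signature;

import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;

// Hypothetical helper for illustration only.
public final class SignatureCheck {

    // PLACEHOLDER: the 32-byte SHA-256 digest of your release signing
    // certificate (DER bytes). Replace with the value for your own keystore.
    private static final byte[] EXPECTED_CERT_SHA256 = new byte[32];

    private SignatureCheck() {}

    /** Returns true unless the installed package carries exactly the pinned certificate. */
    public static boolean isTampered(Context context) {
        try {
            // Use the running package's own name instead of a hard-coded string.
            // GET_SIGNATURES is the flag used in the post; it is deprecated from
            // API 28 in favour of GET_SIGNING_CERTIFICATES.
            PackageInfo info = context.getPackageManager().getPackageInfo(
                    context.getPackageName(), PackageManager.GET_SIGNATURES);

            Signature[] signatures = info.signatures;
            // Assumption: the release build has exactly one signer. Anything
            // else (none, or extra signers) is treated as tampering.
            if (signatures == null || signatures.length != 1) {
                return true;
            }

            // Hash the raw certificate bytes rather than comparing a long hex string.
            MessageDigest sha256 = MessageDigest.getInstance("SHA-256");
            byte[] actual = sha256.digest(signatures[0].toByteArray());

            // MessageDigest.isEqual compares the two digests byte for byte.
            return !MessageDigest.isEqual(EXPECTED_CERT_SHA256, actual);
        } catch (PackageManager.NameNotFoundException e) {
            return true; // cannot inspect our own package: fail closed
        } catch (NoSuchAlgorithmException e) {
            return true; // SHA-256 unavailable: fail closed
        }
    }
}
```

Because this check ships inside the APK it verifies, it only raises the cost of repackaging; a server-side decision based on the license response does not have that limitation.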

