> > The PackageManager GET_SIGNATURES call can be hooked to return the > original signature even if the package has been hacked and re-signed. > There is a script somewhere on the 'net that does this automatically.
Could you kindly provide a link? Do you mean that my check is useless? Anyway, I didn't implemented it upon app start, but only on second activity. This way I hope that, if my app will be cracked as previous version, they won't notice signature check immediately, but only lvl 'standard' check, so that a second cracked release will be necessary after they figure out it still doesn't work. As Dianne correctly wrote, it could be very easy for a cracker to find my simple check against public signature if I don't obfuscate the cabled string; anyway I chose not to burden it further more with obscurity. -- You received this message because you are subscribed to the Google Groups "Android Developers" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/android-developers?hl=en
