Reflection too can be bypassed, by hooking getClass / getMethod and
friends, and it's only a matter of time before it's scripted.
One could run two signature checks: one for the reference value stored
in the .apk, the other for the signature of the installed .apk. Or get
the signature from the .apk directly, bypassing PackageManager (if
that's possible).
But, as for me, I'd rather spend my time making a more popular app than
worrying about all of this :)
-- Kostya
13.05.2011 20:41, Dianne Hackborn ?????:
You should definitely be using reflection for any calls to platform
APIs, since those of course can't be obfuscated by ProGuard.
On Fri, May 13, 2011 at 6:48 AM, Nikolay Elenkov
<[email protected] <mailto:[email protected]>> wrote:
On Fri, May 13, 2011 at 8:02 PM, Kostya Vasilyev
<[email protected] <mailto:[email protected]>> wrote:
> This thread has a snippet of modified (hacked) code as well as a
link to the
> script's author:
>
>
http://groups.google.com/group/android-developers/browse_thread/thread/3d92715cd41208e/
>
Thanks, that blog has some interesting stuff. Reading the
fingerprint files of
the tool is also quite informative. Essentially every potentially
useful SDK
method gets replaced, so you'd better make sure you are not
calling those
directly. The IO talk has some interesting ideas about this, but
the more
advanced ones might be overkill for most people.
--
You received this message because you are subscribed to the Google
Groups "Android Developers" group.
To post to this group, send email to
[email protected]
<mailto:[email protected]>
To unsubscribe from this group, send email to
[email protected]
<mailto:android-developers%[email protected]>
For more options, visit this group at
http://groups.google.com/group/android-developers?hl=en
--
Dianne Hackborn
Android framework engineer
[email protected] <mailto:[email protected]>
Note: please don't send private questions to me, as I don't have time
to provide private support, and so won't reply to such e-mails. All
such questions should be posted on public forums, where I and others
can see and answer them.
--
You received this message because you are subscribed to the Google
Groups "Android Developers" group.
To post to this group, send email to [email protected]
To unsubscribe from this group, send email to
[email protected]
For more options, visit this group at
http://groups.google.com/group/android-developers?hl=en
--
Kostya Vasilyev -- http://kmansoft.wordpress.com
--
You received this message because you are subscribed to the Google
Groups "Android Developers" group.
To post to this group, send email to [email protected]
To unsubscribe from this group, send email to
[email protected]
For more options, visit this group at
http://groups.google.com/group/android-developers?hl=en
