Where is the source tree for the package: com.android.vending...? Also, is there a link explaining why this is not in the public source tree available via Git? Is it, only because of the dev phones? Doesn't stop rooted phones or eventual reversing. If it is not available to developers, but only phone manufacturers, why is it in the open source package com.android and not in com.google.android instead, because it is not open source? Please correct me, if I’m misguided.
Why I ask and my diatribe: I've installed the Android source code via Git and have successfully executed make. As a developer, I want to totally understand the vending code, the Market interface, and the client-side operation of the Market app. I want to understand the limitations and vulnerabilities surrounding app publishing and how to secure applications from being pirated (I may even want to create a new Market app.) Yea, I know it’s a pipe dream, but at least, I can try to limit pirating to only the most determined and brightest pirates. I need to find a way to automatically link a downloaded app to a phone, and possibly a customer. I want to be able to employ a callback design and auto-register an app upon download, creating a unique app instance per phone. If the app is pulled and installed into another phone then the app will not function correctly, because it is not on the correct phone. Possible? Sure it is. I just need to determine where the Market fits into this story and design for or around it. It would be nice if the Market had a callback feature for vendors to employ, so vendors could serialize there apps and generate a license key incorporating the phone's serial number. Problem is there is no way to stop a hacker from getting your app and cracking it. They don’t even need a phone to access the market, because the emulator can be engineered to access the market and download apps. And if not the emulator then a rooted phone can introspect and capture all I/O and traces of market interfacing too. This means vendors should use the market as a proxy to the real app and force the user to download missing code which requires the phones serial number to unlock the app, which has dynamically generated code embedded that only runs on that phone. There are several ways to accomplish this. --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Android Developers" group. To post to this group, send email to android-developers@googlegroups.com To unsubscribe from this group, send email to android-developers+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/android-developers?hl=en -~----------~----~----~----~------~----~------~--~---
