These are good points. I was going to make a similar post but you've pretty much covered what I had in mind. I also thought there should have been a simple encryption scheme involved with "copy-protected" apps. All I can come up with is that implementing a minimal copy protection scheme was/is not a priority for Google and ADP users/ developers are unfortunate victims of poor decision-making based on an incomplete, but nonetheless advertised feature.
On Mar 2, 3:35 pm, Joe <[email protected]> wrote: > And why can we not have both? Your argument really does not hold > water. Think about everyone with G1s who have root and are on RC33. > Takes all of 30 minutes to root and update (thanks telnet). They are > not blocked from copy-protected apps, and yet can easily copy out copy > protected apps from the 'protected' folder, so it really does not make > any sense to ban ADP users from it. I mean really, all that implies is > that all Devs are pirates and thieves. Same concept for stores that > make you leave your bag outside when you walk in; they are calling you > a thief before you even enter. ADP1.1Holiday is locked out, which is > technically for Google employees only, so I guess they are all thieves > ^_~ > > My real only gripe is that; the 'copy protect' is so base it is almost > embarrassing. It really should be a vote to either remove the 'copy > protection' feature, or actually make something that is a bit harder > to crack (ie not just a folder that requires root). In reality, any > copy protection scheme will most likely be broken, but, if it is > harder to do, then likely people will not go through the effort for a > 99 cent app. For example how about these schemes (took literally 2 > minutes for me to think these up): > > When a user purchases a copy protected app, have the market encrypt > the APK file before it is sent for download. Then, when the installer > is run, have it call back to the google servers to obtain the > decryption key, which is tied to the user account. IE, for copy > protected apps, your user account will actually hold all of the keys > to allow installation on any device that is signed into your account. > The transfer of keys could even occur over SSL, making it very secure. > Throw in 128bit + encryption on the APK (openPGP anyone?). > > A even simpler method would be to have each dev sign their APKs with a > license key (think google maps style), which, when purchased would > store the key on the user's account. When run (or installed) the APK > can call to the server and see if the current user actually has that > key in their user account, else, it will not allow installation. Same > concept, but does not even need encryption. > > The point is there is a ton of ways to easily do copy protection that > works pretty well, and making a simple root protected folder is not > one of them, and, is quite frankly pretty half assed. The current > system that is implemented is really misleading for Devs who think it > offers any protection at all for their applications, and thus, if it > is not changed, it should be removed. Remember the golden rule, we > want security, not obfuscation! On that > note, this should have nothing to do with firmware, or the ability to > flash it, nor should the firmware have really anything to do with the > copy protection on the market or installer. Remember, those are closed > source anyways, so if you can flash new firmware to circumvent it > (which you currently can), it is a piss poor model that should be > scrapped. > > Sorry if this is a bit rantish, but I have yet to understand why > anyone would stand behind the current 'copy protection', defend it, or > even rationalize it. And remember, down the line, I bet most handsets > will be rooted, just like the G1 was; if there is a challenge, someone > somewhere will rise to it. > > So in short, to make the argument of firmware vs. market 'copy > protection' is bogus, and it should not even play a factor. The two > should be separate and autonomous. Devs have paid alot of money for > their ADP1 phones, and *gasp* might even use it for day to day use, > and might even want to buy something like bettercut (copy protected), > or a game or two to make it that much better. > > On Mar 2, 6:02 pm, Mark Murphy <[email protected]> wrote: > > > vendor.net wrote: > > > Please vote for +1 if you agree that google should do something to > > > allow developers with ADP1 to access the paid and protected apps and > > > finally to release the new firmware we all are waiting for ADP 1.1 . > > > I don't think there is a vote necessary on the ADP 1.1 firmware -- that > > will be released when it's ready, and the core Android team has been > > fairly explicit and consistent in saying that it is not ready. The fact > > that it is taking so long is regrettable, but I see no reason to doubt > > that, when it's ready, it'll be released. > > > AFAIK, ADP 1.1 covers the paid apps access, meaning the only gap is in > > copy-protected apps, which the G1 supports and the ADP1 does not. > > > With respect to "allow developers with ADP1 to access the...protected apps": > > > -1 > > > This vote is based on a guess: they won't be able to develop an ADP1 > > firmware that supports copy-protected apps *and* can be used for > > firmware development. We'll either get one or the other, and a +1 vote > > means we get copy-protected app access and no ability to replace the > > firmware. > > > Right now, and for the foreseeable future, there will be more devices > > capable of accessing copy-protected apps than will be usable for > > firmware development. In fact, it's not completely out of the question > > that the ADP1 will be the only device *ever* truly usable for firmware > > development...if the other Android-based phones are all locked for > > carriers' use like the G1 is. > > > Right now, developers who have an ADP1 and need a G1 for the > > copy-protection issue can at least buy a G1 (e.g., one of the few > > hundred available on eBay for less than the ADP1 costs) and resell their > > ADP1. If the ADP1 gets locked down to allow copy-protected apps access, > > firmware developers are screwed, possibly forever. > > > If there's some evidence to suggest that the ADP1 will truly be able to > > support both roles (more than JBQ's assertion that dual-role was the > > original plan, since that may not reflect current reality), that could > > easily sway my opinion. Or, if firmware developers chime in and claim > > they don't need an ADP1 for firmware development, that too might sway my > > opinion. > > > -- > > Mark Murphy (a Commons Guy)http://commonsware.com > > > Android Training on the Ranch! -- Mar 16-20, > > 2009http://www.bignerdranch.com/schedule.shtml --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Android Discuss" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/android-discuss?hl=en -~----------~----~----~----~------~----~------~--~---
