IMHO ... the best way for a dev to protect his app is to have it register itself to the Buyers cell-phone number .... then copies would not work on other phones and the original buyer could backup the app in case anything happens ....
On Wed, Mar 4, 2009 at 3:37 AM, [email protected] <[email protected]>wrote: > > These are good points. I was going to make a similar post but you've > pretty much covered what I had in mind. I also thought there should > have been a simple encryption scheme involved with "copy-protected" > apps. All I can come up with is that implementing a minimal copy > protection scheme was/is not a priority for Google and ADP users/ > developers are unfortunate victims of poor decision-making based on an > incomplete, but nonetheless advertised feature. > > On Mar 2, 3:35 pm, Joe <[email protected]> wrote: > > And why can we not have both? Your argument really does not hold > > water. Think about everyone with G1s who have root and are on RC33. > > Takes all of 30 minutes to root and update (thanks telnet). They are > > not blocked from copy-protected apps, and yet can easily copy out copy > > protected apps from the 'protected' folder, so it really does not make > > any sense to ban ADP users from it. I mean really, all that implies is > > that all Devs are pirates and thieves. Same concept for stores that > > make you leave your bag outside when you walk in; they are calling you > > a thief before you even enter. ADP1.1Holiday is locked out, which is > > technically for Google employees only, so I guess they are all thieves > > ^_~ > > > > My real only gripe is that; the 'copy protect' is so base it is almost > > embarrassing. It really should be a vote to either remove the 'copy > > protection' feature, or actually make something that is a bit harder > > to crack (ie not just a folder that requires root). In reality, any > > copy protection scheme will most likely be broken, but, if it is > > harder to do, then likely people will not go through the effort for a > > 99 cent app. For example how about these schemes (took literally 2 > > minutes for me to think these up): > > > > When a user purchases a copy protected app, have the market encrypt > > the APK file before it is sent for download. Then, when the installer > > is run, have it call back to the google servers to obtain the > > decryption key, which is tied to the user account. IE, for copy > > protected apps, your user account will actually hold all of the keys > > to allow installation on any device that is signed into your account. > > The transfer of keys could even occur over SSL, making it very secure. > > Throw in 128bit + encryption on the APK (openPGP anyone?). > > > > A even simpler method would be to have each dev sign their APKs with a > > license key (think google maps style), which, when purchased would > > store the key on the user's account. When run (or installed) the APK > > can call to the server and see if the current user actually has that > > key in their user account, else, it will not allow installation. Same > > concept, but does not even need encryption. > > > > The point is there is a ton of ways to easily do copy protection that > > works pretty well, and making a simple root protected folder is not > > one of them, and, is quite frankly pretty half assed. The current > > system that is implemented is really misleading for Devs who think it > > offers any protection at all for their applications, and thus, if it > > is not changed, it should be removed. Remember the golden rule, we > > want security, not obfuscation! On that > > note, this should have nothing to do with firmware, or the ability to > > flash it, nor should the firmware have really anything to do with the > > copy protection on the market or installer. Remember, those are closed > > source anyways, so if you can flash new firmware to circumvent it > > (which you currently can), it is a piss poor model that should be > > scrapped. > > > > Sorry if this is a bit rantish, but I have yet to understand why > > anyone would stand behind the current 'copy protection', defend it, or > > even rationalize it. And remember, down the line, I bet most handsets > > will be rooted, just like the G1 was; if there is a challenge, someone > > somewhere will rise to it. > > > > So in short, to make the argument of firmware vs. market 'copy > > protection' is bogus, and it should not even play a factor. The two > > should be separate and autonomous. Devs have paid alot of money for > > their ADP1 phones, and *gasp* might even use it for day to day use, > > and might even want to buy something like bettercut (copy protected), > > or a game or two to make it that much better. > > > > On Mar 2, 6:02 pm, Mark Murphy <[email protected]> wrote: > > > > > vendor.net wrote: > > > > Please vote for +1 if you agree that google should do something to > > > > allow developers with ADP1 to access the paid and protected apps and > > > > finally to release the new firmware we all are waiting for ADP 1.1 . > > > > > I don't think there is a vote necessary on the ADP 1.1 firmware -- that > > > will be released when it's ready, and the core Android team has been > > > fairly explicit and consistent in saying that it is not ready. The fact > > > that it is taking so long is regrettable, but I see no reason to doubt > > > that, when it's ready, it'll be released. > > > > > AFAIK, ADP 1.1 covers the paid apps access, meaning the only gap is in > > > copy-protected apps, which the G1 supports and the ADP1 does not. > > > > > With respect to "allow developers with ADP1 to access the...protected > apps": > > > > > -1 > > > > > This vote is based on a guess: they won't be able to develop an ADP1 > > > firmware that supports copy-protected apps *and* can be used for > > > firmware development. We'll either get one or the other, and a +1 vote > > > means we get copy-protected app access and no ability to replace the > > > firmware. > > > > > Right now, and for the foreseeable future, there will be more devices > > > capable of accessing copy-protected apps than will be usable for > > > firmware development. In fact, it's not completely out of the question > > > that the ADP1 will be the only device *ever* truly usable for firmware > > > development...if the other Android-based phones are all locked for > > > carriers' use like the G1 is. > > > > > Right now, developers who have an ADP1 and need a G1 for the > > > copy-protection issue can at least buy a G1 (e.g., one of the few > > > hundred available on eBay for less than the ADP1 costs) and resell > their > > > ADP1. If the ADP1 gets locked down to allow copy-protected apps access, > > > firmware developers are screwed, possibly forever. > > > > > If there's some evidence to suggest that the ADP1 will truly be able to > > > support both roles (more than JBQ's assertion that dual-role was the > > > original plan, since that may not reflect current reality), that could > > > easily sway my opinion. Or, if firmware developers chime in and claim > > > they don't need an ADP1 for firmware development, that too might sway > my > > > opinion. > > > > > -- > > > Mark Murphy (a Commons Guy)http://commonsware.com > > > > > Android Training on the Ranch! -- Mar 16-20, 2009 > http://www.bignerdranch.com/schedule.shtml > > > > --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Android Discuss" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/android-discuss?hl=en -~----------~----~----~----~------~----~------~--~---
