All the source is there, you could use the package manager to push an application and forward lock it via ADB. Secondly, if you control the device and it's OS (can have a system signer) you could implement this via an application via the install_packages permission.
That's the beauty of this being open source ;) -Tim Strazzere On Mon, Jul 16, 2012 at 12:07 PM, Jeff Enderwick <[email protected]>wrote: > And also what kind of key this is. For example, if there is a per-device > public key, it would be nice from an enterprise POV to be able to use this > same feature for enterprise/side-loaded apps. > > > On Mon, Jul 16, 2012 at 11:08 AM, Dru <[email protected]> wrote: > >> Thanks for the extra info Nikolay. Has anyone found where the key is >> stored as that seems pivotal to the entire security. Also, it seems the >> protection will fall apart on a rooted device where the package can be >> easily repackaged without the encryption and then redistributed. >> >> On Sunday, July 15, 2012 7:30:17 AM UTC-7, Nikolay Elenkov wrote: >> >>> On Fri, Jul 6, 2012 at 7:24 PM, Kevin Chadwick wrote: >>> >> > on the device. The actual APK saved on disk is not encrypted, so it >>> works >>> >> > just >>> >> > as before and no keys are saved on the device. This certainly does >>> >> > not stop anyone with a rooted devices from pulling the APK from the >>> device. >>> > >>> >>> Now that JB source is out, it turns out there is one more piece to the >>> puzzle >>> -- forward locking. If the 'forward lock' flag is set, an encrypted >>> EXT4 container will be built for the app, and the app itself will be >>> split into a >>> public part (resource) readable by everyone and a private part (the >>> actual APK), >>> readable only by root. The whole thing is loopback mounted under >>> /mnt/asec/package.name, just as it was done for apps moved to the SD >>> card. >>> So paid apps (or apps you installed via adb with the -l option) are >>> indeed >>> encrypted with a device-specific key when stored on the device. Which >>> makes >>> it slightly harder to pull the apk and will probably confuse some backup >>> apps. >>> adb backup seems to filter out forward-locked apks, so you only get the >>> preferences and data files in the backup. >>> >> -- >> You received this message because you are subscribed to the Google Groups >> "Android Security Discussions" group. >> To view this discussion on the web visit >> https://groups.google.com/d/msg/android-security-discuss/-/Gc2Ogo85-mkJ. >> >> To post to this group, send email to >> [email protected]. >> To unsubscribe from this group, send email to >> [email protected]. >> For more options, visit this group at >> http://groups.google.com/group/android-security-discuss?hl=en. >> > > -- > You received this message because you are subscribed to the Google Groups > "Android Security Discussions" group. > To post to this group, send email to > [email protected]. > To unsubscribe from this group, send email to > [email protected]. > For more options, visit this group at > http://groups.google.com/group/android-security-discuss?hl=en. > -- You received this message because you are subscribed to the Google Groups "Android Security Discussions" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/android-security-discuss?hl=en.
