Android application licensing cracked in under a month


The new licensing system that was set to reinvigorate the paid Android market by offering a more secure solution to Android application developers has been cracked, a little under a month after Google began encouraging its use by developers of paid Android applications.

The "Licensing Service for Android Applications" was supposed to provide developers a "secure mechanism to manage access to all Android Market paid applications."

In theory, the new licensing system would verify against the Android Market licensing server, which would in turn verify the application against existing sales records. If no sales records were found, the application would show an error explaining that it was not properly licensed.

However, according to the author of the new crack, the system is simple to circumvent as a result of how Java - the language an overwhelming majority of Android applications are written in - is compiled. Because it is designed to be compatible across numerous operating systems, Java is compiled in a way that is generally quite simple to decompile, and the result can usually be deciphered by a skilled set of human eyes.

As a result, in order to patch a protected Android application, all a potential pirate would need to do is decompile the code, find the file that defines the licensing code and swap the function that tells an application it is not licensed for the function that says it is. By doing this, even if the Android Market’s licensing server told the application that it wasn’t licensed, the code to disable the app would never run.
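The weakness described above is that the final licensed/unlicensed decision is a branch inside code the user controls. As an added example (not from the article, Google or the licensing library), this Java program contrasts that branch with a developer-run backend that checks a signed verdict itself before serving paid content. It assumes the licensing server signs its verdict and that the app has such a backend; every class, method and field name is hypothetical.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;

// Added illustration. Every name here is hypothetical; none is an Android or LVL API.
public class LicenseGateDemo {
    // Fragile: the server's verdict arrives as a value and ends in a client-side branch.
    // Whoever controls the installed code controls which callback runs.
    interface Callback { void allow(); void dontAllow(); }

    static void clientSideCheck(boolean licensed, Callback cb) {
        if (licensed) cb.allow(); else cb.dontAllow();
    }

    // Sturdier: a developer-run backend verifies the licensing server's signature over
    // "verdict|package|nonce" and only then serves paid content. Assumes signed verdicts.
    static boolean backendAccepts(PublicKey key, String pkg, long nonce,
                                  String signedData, byte[] sig) throws GeneralSecurityException {
        Signature v = Signature.getInstance("SHA256withRSA");
        v.initVerify(key);
        v.update(signedData.getBytes(StandardCharsets.UTF_8));
        if (!v.verify(sig)) return false;                  // altered or forged verdict
        String[] f = signedData.split("\\|");
        return f.length == 3 && f[0].equals("LICENSED") && f[1].equals(pkg)
                && f[2].equals(Long.toString(nonce));      // nonce ties verdict to this request
    }

    static byte[] sign(PrivateKey k, String data) throws GeneralSecurityException {
        Signature s = Signature.getInstance("SHA256withRSA");
        s.initSign(k);
        s.update(data.getBytes(StandardCharsets.UTF_8));
        return s.sign();
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator g = KeyPairGenerator.getInstance("RSA");
        g.initialize(2048);
        KeyPair server = g.generateKeyPair();              // constructed stand-in for the licensing server key
        String pkg = "com.example.paidapp";                // constructed package name
        long nonce = new SecureRandom().nextLong();
        String denied = "NOT_LICENSED|" + pkg + "|" + nonce;
        byte[] deniedSig = sign(server.getPrivate(), denied);
        String edited = denied.replace("NOT_LICENSED", "LICENSED"); // verdict changed after signing
        String granted = "LICENSED|" + pkg + "|" + nonce;
        System.out.println("denied verdict:  " + backendAccepts(server.getPublic(), pkg, nonce, denied, deniedSig));
        System.out.println("edited verdict:  " + backendAccepts(server.getPublic(), pkg, nonce, edited, deniedSig));
        System.out.println("granted verdict: " + backendAccepts(server.getPublic(), pkg, nonce, granted,
                sign(server.getPrivate(), granted)));
    }
}
```

This protects only what the backend serves; features that run entirely on the device remain subject to the patching the article describes.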

While piracy of mobile applications is in no way unique to the Android platform, it has always been especially easy to pirate Android applications by “sideloading” a cracked app onto your device - without the need to hack or “root” your phone.

Google has not yet commented on the crack.


25 Comments


So, wait, each version has to be decompiled and recompiled? So, in other words, if a developer releases regular updates, hackers would have to either stick to old versions of the software or regularly recrack new releases.

Somehow I don't think it's gonna be as simple as cracks for PC games, where updates are few and far between (unless you're Blizzard and have ten years to kill breaking your games), and demand is significantly higher.

I'm afraid to say I use dodgy downloads on my new Android phone. Annoyingly, I also have to download dodgy copies of apps that are free on the Android market too as they're not available to download from the market on my device.

It's soooo annoying finding an app that sounds perfect and has lots of excellent reviews only to get a "the requested item could not be found" error when trying to download it, but I don't know what else to do.

djdanster said,

No youtube results appear for 06.16AM. Sure there is other stuff by liquid soul but not that track

I googled it and found a short clip on amazon music the full one is on sale there.
will send u the link via pm

thiXkull said,

I googled it and found a short clip on amazon music the full one is on sale there.
will send u the link via pm

I have found the youtube version

It's called 6.15am... strange, but it's the 6.16am track called as 6.15am - liquid soul

This new licensing system would be almost as cool as actually being able to buy software here in the Nordics where I live. \o/

Singh400 said,
They really need to sort this out. Android won't take off without devs making apps...

You know, it's already quite popular... Besides, I think the lack of paid apps in most countries is worse I think.

Great job at reducing the number of potential quality apps, and increasing the percentage of apps with advertisements. This calls for some techno music!

Chugworth said,
Great job at reducing the number of potential quality apps, and increasing the percentage of apps with advertisements. This calls for some techno music!

Exactly what was rolling through my mind.

What they need to do is have it outside of java code space entirely. Java is way too easy to decompile due to the nature of the language.

cybertimber2008 said,
Next up, they'll have to validate hashes or checksums of the app.

.NET already does this. It's a shame that Google based their software on Java, and not on the open source Mono platform. With this type of problem + the Sun lawsuit, it's very clear that this was the wrong choice.

Good thing Novell is coming out with MonoDroid.

Ryan Hoffman said,

.NET already does this. It's a shame that Google based their software on Java, and not on the open source Mono platform. With this type of problem + the Sun lawsuit, it's very clear that this was the wrong choice.

Good thing Novell is coming out with MonoDroid.

Mono is a Joke.

Ryan Hoffman said,

.NET already does this. It's a shame that Google based their software on Java, and not on the open source Mono platform.

As far as I'm aware Mono is technically illegal.

Pc_Madness said,

As far as I'm aware Mono is technically illegal.

On November 2, 2006, Microsoft and Novell announced a joint agreement whereby Microsoft agreed to not sue Novell's customers for patent infringement. Under the agreement, patent protections extends to Mono but only for Novell developers and customers

Arkos Reed said,

Under the agreement, patent protections extends to Mono but only for Novell developers and customers

Google's developers and other people who develop for Android are not "Novell developers and customers" though.

Pc_Madness said,

As far as I'm aware Mono is technically illegal.


No, Mono is not technically illegal. Mono is based off of ECMA standards which are free to use. There is some uncertainty about the parts of .Net that Microsoft did not submit as part of the standard though, such as Windows Forms, but these are only part of Mono's Windows Compatibility Stack and are not required. Using GTK# instead of Windows Forms, for example, puts you in the clear, and had Google used Mono they would have made their own UI libraries just as they did with Java. In hindsight it would have been a much better decision to go with Mono over Java, but I'm sure at the time the decision was made Java looked more clear, as its outlook only became murky with Oracle's purchase, which was well after Android's initial release.

CrimsonRedMk said,
It was bound to happen sooner or later...as it does with most licensing services.

Happens to MS every software release