The new licensing system that was set to reinvigorate the paid Android market by offering a more secure solution to Android application developers has been cracked, a little under a month after Google began encouraging its use by developers of paid Android applications.
The "Licensing Service for Android Applications" was supposed to provide developers a “secure mechanism to manage access to all Android Market paid applications."
In theory, the new licensing system would verify against the Android Market licensing server, which would in turn verify the application against existing sales records. If no sales records were found, the application would show an error explaining that it was not properly licensed.
However, according to the author of the new crack, the system is simple to circumvent as a result of how Java code - the language an overwhelming majority of Android applications are written in - is compiled. Because of its cross compatibility between numerous operating systems, Java is compiled in a way that is generally quite simple to decompile, and can usually be deciphered by a skilled set of human eyes.
As a result, in order to patch a protected Android application, all a potential pirate would need to do is decompile the code, find the file that defines the licensing code and swap the function that tells an application it is not licensed, for the function that says it is. By doing this, even if the Android Market’s licensing server told the application that it wasn’t licensed, the code to disable the app would never run.
While piracy of mobile applications is in no way unique to the Android platform, it has always been especially simple to pirate Android applications by simply “sideloading” a cracked app onto your device - without the need to hack or “root” your phone.
Google has not yet commented on the crack.
25 Comments - Add comment