New Crack Evades Android App Licensing Scheme

    Date26 Aug 2010
    Posted ByAlex
    Researchers have found a very simple method for evading the Android licensing scheme that Google uses to ensure that paid applications in its Android Market are correctly licensed. The crack takes advantage of the fact that most Android apps are written in Java and the portion of the code that checks to see whether a particular app is properly licensed is easily identifiable and removable. The new method, which comes out just a few weeks after Google debuted its new licensing scheme, simply requires a user to add a small patch to the decompiled Java code of a given application, which will result in the licensing library thinking that the app is licensed, when it is not.

    The method was described in a post on AndroidPolice, in which the author details exactly how the licensing scheme works and what a user needs to do in order to evade it. The way that the Android Market Licensing service works is fairly simple. After a user downloads and installs a paid application, the service will check with the Market server to see whether the app is licensed. If it is not, the server will return a message saying that the app must be licensed. The licensing status is stored on the Market server and is signed using a unique key pair.

    You are not authorised to post comments.

    LinuxSecurity Poll

    Has your email account ever been pwned in a data breach?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 2 answer(s).

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.