Researchers have found a very simple method for evading the Android licensing scheme that Google uses to ensure that paid applications in its Android Market are correctly licensed.
The crack takes advantage of the fact that most Android apps are written in Java and the portion of the code that checks whether a particular app is properly licensed is easily identifiable and removable. The new method, which comes out just a few weeks after Google debuted its new licensing scheme, simply requires a user to add a small patch to the decompiled Java code of a given application, after which the licensing library treats the app as licensed when it is not.

The method was described in a post on AndroidPolice, in which the author details exactly how the licensing scheme works and what a user needs to do in order to evade it. The way that the Android Market Licensing service works is fairly simple. After a user downloads and installs a paid application, the service will check with the Market server to see whether the app is licensed. If it is not, the server will return a message saying that the app must be licensed. The licensing status is stored on the Market server and is signed using a unique key pair.

The link for this article located at ThreatPost is no longer available.