They seem to only be modifying the xml, so I'm hoping it's just a simple operation they're running. I'm not big on DRM, but this could potentially cost us money in this case (since a few thousand have already downloaded the tweaked version - and they could potentially hit our servers), so I just don't want to make it too convenient for them.
-Chad
On Thu, Nov 10, 2011 at 6:38 PM, Zsolt Vasvari <zvasvari@gmail.com> wrote:
If they unpack, modify, resign and redestribute your app, they are
certainly capable of removing any checks you may put in there to
verify any of those things you are mentioning.
--
On Nov 11, 10:21 am, Sheado <chad...@gmail.com> wrote:
> Hi All,
>
> Sorry if this has already been answered, but searching for this is
> returning piles of LVL-related posts.
>
> We recently discovered that our app's apk is being unpacked, modified,
> then resigned and re-distributed without our approval. What's the
> proper way of checking for a modified apk signature?
>
> Currently I have something in place where I get the PackageInfo's
> signatures (e.g. getPackageManager().getPackageInfo) and feed them
> into X509Certificate which i use to check the issuer DN.
>
> This will at least tell me that the DN changed, but that's obviously
> easily to get around.
> What's the proper way to go about checking the package signature with
> a remote service?
>
> Or am I going about this all wrong? Perhaps checksums are the better
> way to go?
>
> Thank You,
> -Chad
You received this message because you are subscribed to the Google
Groups "Android Developers" group.
To post to this group, send email to android-developers@googlegroups.com
To unsubscribe from this group, send email to
android-developers+unsubscribe@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/android-developers?hl=en
--
You received this message because you are subscribed to the Google
Groups "Android Developers" group.
To post to this group, send email to android-developers@googlegroups.com
To unsubscribe from this group, send email to
android-developers+unsubscribe@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/android-developers?hl=en
No comments:
Post a Comment