Google has responded to a claim that Android Market apps can be easily hacked, patched and stripped of their licensing protection.
The vulnerability – which was identified and detailed by Justin Case of Android Police – reportedly makes the apps an “easy target” for off-Market, pirated distribution.
“The current situation with piracy in our community is out of control, and only set to get worse as the platform grows. Sites like the recently taken down AndroidPlayground are profiting from the hard work of our developers, and stifling future development,” explained Case.
“[But] for now, Google’s Licensing Service is still, in my opinion, the best option for copy protection; however, we really need to see a better solution, such as checking the apk for alterations or ways to confirm an application was installed through official means.”
For its part, Google acknowledged an unspecified number of “attacks,” while noting that the relatively new licensing service was a “significant step forward” in comparison to the “plain copy-protection facility” which used to be the norm.
“[It] provides infrastructure [for] developers to write custom authentication checks for each of their applications. [Yes], the first release shipped with the simplest, most transparent imaginable sample implementation, which was written to be easy to understand and modify, rather than security-focused,” Google’s Tim Bray wrote in an official blog post.
“[And yes], some developers are using this sample as-is, which makes their applications easier to attack. [However], the attacks we’ve seen so far are also all on applications that have neglected to obfuscate their code, a practice we strongly recommend.”
Bray also emphasized that 100% piracy protection was “never possible” in any system that runs third-party code.
“[Still], Android Market is already a responsive, low-friction, safe way for developer to get their products to users. The licensing server makes it safer, and we will continue to improve it.
“[In addition], the economics are already working for the developers and against the pirates and are only going to tilt further in that direction.”
