What I'm doing in one of my apps is computing the md5sum of the APK on the device. I check that against known md5's on my webserver. The result is cached, and the server check is done only once in a while. I've been testing this for a couple weeks on one of my less popular apps. Seems to work ok so far, but Diane''s idea seems better.
This plus LVL should raise the difficulty of pirating the app high enough so as not to be worth it for pirates. -Howard On Sep 19, 6:36 pm, Chris Stratton <[email protected]> wrote: > The market licensing server's response has to be timestamped and > digitally signed already, or it would be useless (people could just > root phones and hack the routing tables to point at an imposter > licensing server, probably running locally on the phone) > > > > Bret Foreman wrote: > > Not a bad idea, but a hacker could see the server's response come over > > the network and would probably detect me resending part of that > > response to my server. But an encrypted version of the license server > > response would work. > > > > use market licensing and have the app forward the > > > license server's response to your server when it requests something > > > from you. -- You received this message because you are subscribed to the Google Groups "Android Developers" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/android-developers?hl=en
