If someone has root, there is little you can do to really protect yourself from them.
On Tue, Feb 15, 2011 at 9:10 AM, rajorshi <[email protected]> wrote: > I have no experience in cryptography, hence this basic question about > the AESObfuscator in Android LVL. The AESObfuscator uses app specific > info (say package id), device specific info (say > android.provider.Settings.Secure.ANDROID_ID) and a salt to generate a > key to encrypt the SharedPreference file where the ServerManagedPolicy > stores my license information. Now, the app id and the device id are > well known. It will be a simple matter to decompile my app to obtain > the salt even if I obfuscate my code. Won't somebody be able to > generate the key using the three values and edit the SharedPreferences > file easily on a rooted phone? On a non-rooted phone I guess I can > just make the file private and nobody else will be able to access it, > but, what do I do on rooted phones? I can't help feeling I am missing > something here. Why else would the documentation on LVL put so much > emphasis on refactoring and obfuscating LVL to prevent others from > patching the library when a much simpler way would be to just get the > salt and edit the preferences file? Can someone enlighten me on > this? > > ~rajorshi > > -- > You received this message because you are subscribed to the Google > Groups "Android Developers" group. > To post to this group, send email to [email protected] > To unsubscribe from this group, send email to > [email protected] > For more options, visit this group at > http://groups.google.com/group/android-developers?hl=en > -- Dianne Hackborn Android framework engineer [email protected] Note: please don't send private questions to me, as I don't have time to provide private support, and so won't reply to such e-mails. All such questions should be posted on public forums, where I and others can see and answer them. -- You received this message because you are subscribed to the Google Groups "Android Developers" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/android-developers?hl=en
