On 15 February 2011 18:46, rajorshi <[email protected]> wrote:
> But, if someone can edit my preferences file to modify the stored > validity time stamp, grace period and max. retry count to very Any code can be cracked. It's matter of time (and driven cracker). You can make your app harder to crack try to do some own tricker to make it stand against automated cracking tools. Hopefuly rooted phones aren't that popular to make significant difference. Most people are just "joe users". Access to your prefs does not make much difference as LVL returns crypto signed content. Unless private key (which is on the server side) leaks (or the key is computed, which is not trivial) you are still fine as your app can verify if the LVL response is signed and signed with expected key. And since you can't tamper that data and still have the signature intact, tweaking DB content is not enough as one have to hack the app too to think this modified content is legitimate. And if you can make app think so why not to strip the LVL completety or fool it to always think is licensed without even touching the LVL. -- Regards, Marcin -- You received this message because you are subscribed to the Google Groups "Android Developers" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/android-developers?hl=en
