Good point Zsolt, They seem to only be modifying the xml, so I'm hoping it's just a simple operation they're running. I'm not big on DRM, but this could potentially cost us money in this case (since a few thousand have already downloaded the tweaked version - and they could potentially hit our servers), so I just don't want to make it too convenient for them.
-Chad On Thu, Nov 10, 2011 at 6:38 PM, Zsolt Vasvari <[email protected]> wrote: > If they unpack, modify, resign and redestribute your app, they are > certainly capable of removing any checks you may put in there to > verify any of those things you are mentioning. > > On Nov 11, 10:21 am, Sheado <[email protected]> wrote: > > Hi All, > > > > Sorry if this has already been answered, but searching for this is > > returning piles of LVL-related posts. > > > > We recently discovered that our app's apk is being unpacked, modified, > > then resigned and re-distributed without our approval. What's the > > proper way of checking for a modified apk signature? > > > > Currently I have something in place where I get the PackageInfo's > > signatures (e.g. getPackageManager().getPackageInfo) and feed them > > into X509Certificate which i use to check the issuer DN. > > > > This will at least tell me that the DN changed, but that's obviously > > easily to get around. > > What's the proper way to go about checking the package signature with > > a remote service? > > > > Or am I going about this all wrong? Perhaps checksums are the better > > way to go? > > > > Thank You, > > -Chad > > -- > You received this message because you are subscribed to the Google > Groups "Android Developers" group. > To post to this group, send email to [email protected] > To unsubscribe from this group, send email to > [email protected] > For more options, visit this group at > http://groups.google.com/group/android-developers?hl=en -- You received this message because you are subscribed to the Google Groups "Android Developers" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/android-developers?hl=en
