O'Reilly logo

Bulletproof Android™: Practical Advice for Building Secure Apps by Godfrey Nolan

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

Application Licensing with LVL

Even though Google does not spend a huge amount of time protecting APKs from reverse engineering, they are interested in protecting apps in Google Play from being stolen by other users. It’s a very common practice to pay for an app once and then side load it onto another phone or phones.

The first attempt to protect paid apps was to put all purchased apps in the /data/app-private folder that has root-only access. But so many Android phones are rooted; it was a trivial exercise to break hiding apps in the app-private folder as a protection mechanism.

In Android 4.1 (Jelly Bean), Google introduced Google App Encryption, where paid-for applications were encrypted using a DeviceID. The theory was that paid-for apps ...

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, interactive tutorials, and more.

Start Free Trial

No credit card required