Application Licensing with LVL

Even though Google does not spend a huge amount of time protecting APKs from reverse engineering, it is interested in protecting apps in Google Play from being stolen by other users. It’s a very common practice to pay for an app once and then sideload it onto another phone or phones.

The first attempt to protect paid apps was to put all purchased apps in the /data/app-private folder, which has root-only access. But because so many Android phones are rooted, hiding apps in the app-private folder was trivial to break as a protection mechanism.

In Android 4.1 (Jelly Bean), Google introduced Google App Encryption, where paid-for applications were encrypted using a DeviceID. The theory was that paid-for apps ...

Get Bulletproof Android™: Practical Advice for Building Secure Apps now with the O’Reilly learning platform.
