Dev Breaks The Android Market Security and Google Responds

August 25, 2010 - Written By Chris Yackulic

Yesterday an Android developer discovered a relatively simple workaround that allowed him to break the Android Market License Verification Library. It has only been a month since it launched. It supports all versions of the Google Android mobile operating system, 1.5 or higher. All it takes is some hacking knowledge and changing an app’s code. The Google Developer’s blog post stated that LVL (Liscense Verification Library) is very young had does have a hardcore security infrastructure. They also say that as the system grows and matures, developers will have more features and resources at their disposal. The exploit was done due to the licensing system’s use of Java. Java code is what most Android applications are currently written in. Because of Java’s cross-platform compatibility, there are a number of software that decompiles and disassembles Java code, making it an easy for reverse engineering.

Google Developer Advocate Tim Bray has responded to the claims by clarifying a few things about the protection system. Bray made the point to concede that “100% piracy protection is never possible in any system that runs third-party code.” However, Bray says that with the right security and execution, it can become incredibly difficult and costly for people to attempt to pirate. According to Tim Bray, “The best attack on pirates is to make their work more difficult and expensive, while simultaneously making the legal path to products straightforward, easy, and fast. Piracy is a bad business to be in when the user has a choice between easily purchasing the app and visiting an untrustworthy, black-market site.”

Here is a video of what’s going on.