Android app flaw allows 'easy piracy'
It is easy to create pirate Android apps that can get around Google’s License Verification Library, it has been claimed.
Most apps in the Android Market can have their licensing protection stripped away, making them easy targets for pirates, it has been claimed.
In a report from Android Police, the author claimed minor changes could easily be made to an app's code, meaning it could be copied and then reconfigured to help it pass Google's License Verification Library (LVL).
By this time, of course, it will no longer be an official app but a pirated one.
Most Android apps are written in Java, the author explained, and these apps are compiled into bytecode. There are numerous software suites that can easily disassemble bytecode, which is in itself "fairly readable", leaving it more open to tampering.
Hackers can then reassemble the code of an app and make alterations to bypass the LVL verification process, therefore placing a pirated app on the marketplace.
The author called for improved solutions for preventing pirated apps finding their way onto the Android Market, such as "ways to confirm an application was installed through official means."
Tim Bray, from the Android developers team, responded to the Android Police findings in a blog post defending LVL.
"Android Market is already a responsive, low-friction, safe way for developers to get their products to users," Bray said.
"The licensing server makes it safer and we will continue to improve it."
Bray also pointed out developers can write custom authentication checks for each of their applications.
Furthermore, all attacks seen by the official Android developer team had so far been on apps that did not feature obfuscated code, which provides a further layer of protection, he said.
Bray added: "100 per cent piracy protection is never possible in any system that runs third-party code, but the licensing server, when correctly implemented and customised for your app, is designed to dramatically increase the cost and difficulty of pirating."
Tom Brewster is currently an associate editor at Forbes and an award-winning journalist who covers cyber security, surveillance, and privacy. Starting his career at ITPro as a staff writer and working up to a senior staff writer role, Tom has been covering the tech industry for more than ten years and is considered one of the leading journalists in his specialism.
He is a proud alum of the University of Sheffield where he secured an undergraduate degree in English Literature before undertaking a certification from General Assembly in web development.