[android-developers] Re: CRC32 checksum use in order to secure Android LVL Applications

Yeah, that's essentially what I was saying.

On Oct 1, 4:45 pm, Kostya Vasilyev <kmans...@gmail.com> wrote:
> Regarding signature checking - I think having LVL check the signature
> against the correct one (known to Market) would be very useful in thwarting
> attacks on LVL based on modifying the application code.
>
> Pirates (hackers) don't have access to the developer's private key, so after
> modifying the application, they have to sign it using some other key. This
> could be detected by the Market server when performing LVL checks.
>
> --
> Kostya Vasilyev --http://kmansoft.wordpress.com
>
> 02.10.2010 1:12 пользователь "DanH" <danhi...@ieee.org> написал:
>
> In theory there's no need to checksum your apk file, unless you
> suspect it's being dynamically modified.  The apk was signed with your
> private key, and can't be modified by anyone else without invalidating
> the signature.
>
> What you really want to be sure of is that the application is signed
> with your certificate.  (Of course, I've not yet found a way to access
> that info.)
>
> On Sep 28, 1:30 am, Asker <mallorc...@gmail.com> wrote:
>
> > Hi,
>
> > Following the examples given by Johns Trevor in order to secure
> > Android LVL Applications...

--
You received this message because you are subscribed to the Google
Groups "Android Developers" group.
To post to this group, send email to android-developers@googlegroups.com
To unsubscribe from this group, send email to
android-developers+unsubscribe@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/android-developers?hl=en