Re: [android-developers] Using APK Signature to detect .apk tampering (Attn: Dianne??)

On Tue, Jan 15, 2013 at 8:27 PM, Nikolay Elenkov
<nikolay.elenkov@gmail.com> wrote:
> On Wed, Jan 16, 2013 at 4:00 AM, btschumy <bill@otherwise.com> wrote:
>> On Monday, January 14, 2013 7:05:37 PM UTC-7, Nikolay Elenkov wrote:
>>
>>>
>>> This is not particularly reliable: if I repackage your app, I can
>>> change whatever
>>> 'internal' values you have.
>>
>>
>> Perhaps I'm wrong, but a cracker shouldn't be able to modify the code and
>> re-sign it with our signature. If that is possible it defeats the whole
>> purpose of digital signatures, right?
>>
>
> You are mostly right. However, they don't have to sign with your key, just
> any valid key. The signature/certificate only matters if you are updating
> an app. If it is a new install (e.g., download paid app from an all-you-can-eat
> site) anything goes. The usual way to crack these things is unpackage,
> decompile, disable licensing checks, etc., repackage, sign. Your own
> signature/certificate is usually quite irrelevant.

To add some weight to this discussion, I worked on a system which does
exactly this.

Your signature is basically to ensure that your app can't get huge
numbers of installs and then be compromised with people releasing
malicious updates in your name.

(But then again, this is how most Android malware pops up: people
crack your app, put some malware in it, and then release it as free.)

Kris

--
You received this message because you are subscribed to the Google
Groups "Android Developers" group.
To post to this group, send email to android-developers@googlegroups.com
To unsubscribe from this group, send email to
android-developers+unsubscribe@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/android-developers?hl=en