Re: [android-developers] Re: What is difference between the Android App downloaded using Google Play store and the one directly installed?

I have some severe doubts that unpackaging would include rewriting on the device side in standard AOSP, simply because it's open source and that unpackaging code is publicly available and people can easily snoop it to see what's happening.  Instead, the typical use case for this is rewriting at the server side and then distributing the app (although, as I said, this seems somewhat dubious legally wrt copyright).

Kris

On Mon, Oct 7, 2013 at 3:05 AM, Richard Schilling <coderroadie@gmail.com> wrote:

I had the pleasure of being one of the developers on the Amazon App store.

Nikolay is correct in that when the Amazon appstore was first released the intention (if memory serves) was to handle things server-side.  There was some client-side code that was needed make sure that person using an app is the one that downloaded it.  Ergo, the DRM library now exists in Android. :-)

So, that may be a more complete answer to the original question: is the app modified by the phone after it's downloaded?

The answer to that question may be false (for now) - it's impossible to tell because it depends in theory on Google and the carriers.  Who knows what Android will do to apps in the future ..... both Google and carriers reserve the right to change how the device unpackages and processes an .APK.

What could be the cause of the digest check failure mentioned in the original question may indeed be to something happening on the server side.  Other than DRM enhancement, you might expect things like unused assets to get stripped.

Cheers,

RIchard

On Saturday, October 5, 2013 6:37:59 PM UTC-7, Nikolay Elenkov wrote:

On Sun, Oct 6, 2013 at 4:09 AM, Richard Schilling <coder...@gmail.com> wrote:
> It's possible that some stores will modify your app to add some Digital
> Rights Management checks to help prevent hacking.  You might have to look
> into the Android Source code to see what happens.  There is a DRM package in
> the API:
>

Google Play does not do this, but the Amazon App Store does. BTW, the DRM
package has nothing to do with this and looking at AOSP source code will
do you no good, because all this is implemented at the server side and is
completely unrelated to the Android OS.

The Amazon DRM is rather annoying, because it requires you to have the
Appstore app and be logged in with the same user that downloaded the app.
Fortunately,  it is rather easy to get rid of.

--
You received this message because you are subscribed to the Google
Groups "Android Developers" group.
To post to this group, send email to android-developers@googlegroups.com
To unsubscribe from this group, send email to
android-developers+unsubscribe@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/android-developers?hl=en
---
You received this message because you are subscribed to the Google Groups "Android Developers" group.
To unsubscribe from this group and stop receiving emails from it, send an email to android-developers+unsubscribe@googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.

--
You received this message because you are subscribed to the Google
Groups "Android Developers" group.
To post to this group, send email to android-developers@googlegroups.com
To unsubscribe from this group, send email to
android-developers+unsubscribe@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/android-developers?hl=en
---
You received this message because you are subscribed to the Google Groups "Android Developers" group.
To unsubscribe from this group and stop receiving emails from it, send an email to android-developers+unsubscribe@googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.