piracy bad

Google has responded to an article written this week by Android Police that teaches how to subvert the new Android Market licensing server, issuing a quick acknowledgement, and a promise to revisit the situation soon.

The story clearly stated that it wasn't intended to show how to pirate apps, though it included directions (and even a video) telling how to hack your way around the new application security measures Google enabled in the Market recently.

Here's want Google is saying about the subject for now, as written by Tim Bray:

  • The licensing service, while very young, is a significant step forward in terms of protection over the plain copy-protection facility that used to be the norm. In the how-to-pirate piece, its author wrote: “For now, Google’s Licensing Service is still, in my opinion, the best option for copy protection.”
  • The licensing service provides infrastructure that developers can use to write custom authentication checks for each of their applications. The first release shipped with the simplest, most transparent imaginable sample implementation, which was written to be easy to understand and modify, rather than security-focused.
  • Some developers are using this sample as-is, which makes their applications easier to attack. The attacks we’ve seen so far are also all on applications that have neglected to obfuscate their code, a practice that we strongly recommend. We’ll be publishing detailed instructions for developers on how to do this.
  • The number of apps that have migrated to the licensing server at this point in time is very small. It will grow, because the server is a step forward.
  • 100% piracy protection is never possible in any system that runs third-party code, but the licensing server, when correctly implemented and customized for your app, is designed to dramatically increase the cost and difficulty of pirating.
  • The best attack on pirates is to make their work more difficult and expensive, while simultaneously making the legal path to products straightforward, easy, and fast. Piracy is a bad business to be in when the user has a choice between easily purchasing the app and visiting an untrustworthy, black-market site.

We have to agree here.  While the current system is not perfect, it's far better than no protection for developers at all.  And as Bray points out, the GLS is a place to start and a framework that developers on which developers can improve. Software piracy is always going to be a big concern for application developers, and tutorials about how to circumvent it will only keep the big software houses away from the Market.  

Make no mistake -- we promote and encourage hacking your phone, provided it's the "good hacking" we're talking about.  But unlocking, rooting and customizing hardware you paid for is very different from software theft.  We applaud Google for facing this one head on, and look forward to their follow up.  [Android Developers Blog]

 

Reader comments

Google responds to app piracy primer

7 Comments
Sort by Rating

You can never eliminate piracy, and it seems like Google gets it. This gives me hope that we won't see a whole lot of hassle out of the system. The point is that if you can make the process difficult/confusing to circumvent for %85 of the android market of normal non-geek users, yet easy to bypass for the other %15, then you're doing just fine, especially if this reduces the hassle and error-rate for all users. Google seems to understand that highly effective (but not %100 effective, as nothing is) DRM IS a hassle for alot of legitimate users.

Here's to compromise, and a realistic view of the situation. I look forward to supporting the Market with my own dollars well into the future if this keeps up.

I'm all for developers getting paid for their apps but the license check that the apps use is garbage. At any point that you lose data connection the app fails to work. I have lost data and the app thinks it has been pirated. I think that this can be solved by Google making a cache in the market that stores the app license so that the app can authenticate the licenses when there is no data connection. Also the cache would have to be encrypted and have a sort of self destruct if it were to be copied. Not sure exactly how to do it but they need to figure this out. I'm going on a cruise soon and would like to be able to use my paid apps with no data connection.

Why don't they start with getting rid of all those reviews that promote sites that I am sure (I never went to any) are piracy sites.
"For $9.99 a year we have all apps..." Those types. I see them all the time!

Man coming from the old Palm OS days all these apps are so cheap why would you even bother???? I mean $0.99 to 2.99 average, that is less than a tip at a restaurant! I already spent over $60 and got tons o apps for it! It is GREAT! Keep them cheap and people will buy!

I always mark those as spam when I see them - dunno if that actually makes a difference as presumably the spammers just repost new comments from new accounts all the time.

You'd think Google of all people would be able to easily put some sort of spam detection into the comments - if more than X comments give the same URL on different apps, then it's probably safe to assume it's spam

The best thing Google can do is to enable all countries to buy apps in the Android Market! If people can't buy the apps they will turn to piracy.

The longer they wait, the bigger this problem will become.