Google has responded to an article written this week by Android Police that teaches how to subvert the new Android Market licensing server, issuing a quick acknowledgement, and a promise to revisit the situation soon.
The story clearly stated that it wasn't intended to show how to pirate apps, though it included directions (and even a video) telling how to hack your way around the new application security measures Google enabled in the Market recently.
Here's want Google is saying about the subject for now, as written by Tim Bray:
- The licensing service, while very young, is a significant step forward in terms of protection over the plain copy-protection facility that used to be the norm. In the how-to-pirate piece, its author wrote: “For now, Google’s Licensing Service is still, in my opinion, the best option for copy protection.”
- The licensing service provides infrastructure that developers can use to write custom authentication checks for each of their applications. The first release shipped with the simplest, most transparent imaginable sample implementation, which was written to be easy to understand and modify, rather than security-focused.
- Some developers are using this sample as-is, which makes their applications easier to attack. The attacks we’ve seen so far are also all on applications that have neglected to obfuscate their code, a practice that we strongly recommend. We’ll be publishing detailed instructions for developers on how to do this.
- The number of apps that have migrated to the licensing server at this point in time is very small. It will grow, because the server is a step forward.
- 100% piracy protection is never possible in any system that runs third-party code, but the licensing server, when correctly implemented and customized for your app, is designed to dramatically increase the cost and difficulty of pirating.
- The best attack on pirates is to make their work more difficult and expensive, while simultaneously making the legal path to products straightforward, easy, and fast. Piracy is a bad business to be in when the user has a choice between easily purchasing the app and visiting an untrustworthy, black-market site.
We have to agree here. While the current system is not perfect, it's far better than no protection for developers at all. And as Bray points out, the GLS is a place to start and a framework that developers on which developers can improve. Software piracy is always going to be a big concern for application developers, and tutorials about how to circumvent it will only keep the big software houses away from the Market.
Make no mistake -- we promote and encourage hacking your phone, provided it's the "good hacking" we're talking about. But unlocking, rooting and customizing hardware you paid for is very different from software theft. We applaud Google for facing this one head on, and look forward to their follow up. [Android Developers Blog]