I am currently writing security software that requires me to scan APKs on the Android device. Unfortunately, in the latest release of Android (JellyBean), I noticed that there is a new security feature that Google is adding that will encrypt "paid" apps with a "device-specific key" so that the apps cannot be transferred to other devices. On install, the APKs will be decrypted.
I've tried looking all over the web, but I can't find any information regarding how this is implemented or how this works. Can someone point me to more information on this? such as white-papers, regions of the AOSP source code, blogs, etc. Any information will be extremely helpful. Thanks!
On Sun, Nov 11, 2012 at 1:43 PM, JonS <thejunk...@gmail.com> wrote:
> Hi,
> I am currently writing security software that requires me to scan APKs on
> the Android device. Unfortunately, in the latest release of Android
> (JellyBean), I noticed that there is a new security feature that Google is
> adding that will encrypt "paid" apps with a "device-specific key" so that
> the apps cannot be transferred to other devices. On install, the APKs will
> be decrypted.
> I've tried looking all over the web, but I can't find any information
> regarding how this is implemented or how this works. Can someone point me
> to more information on this? such as white-papers, regions of the AOSP
> source code, blogs, etc. Any information will be extremely helpful.
> Thanks!
> J
> --
> You received this message because you are subscribed to the Google Groups
> "android-platform" group.
> To view this discussion on the web visit
> https://groups.google.com/d/msg/android-platform/-/eiySCOJwDdgJ.
> To post to this group, send email to android-platform@googlegroups.com.
> To unsubscribe from this group, send email to
> android-platform+unsubscribe@googlegroups.com.
> For more options, visit this group at
> http://groups.google.com/group/android-platform?hl=en.
--
~~~~~~~~~~~~~~~~~~~~~~~~~~
Thanks and regards
Kapil Kumar
~~~~~~~~~~~~~~~~~~~~~~~~~~
I've looked through the Package Manager code and the only thing that I can find that 'remotely' sounds like it is related to this functionality is the IPackageManager::installPackageWithVerification code which doesn't seem correct.
Would you happen to be able to point me to the correct code please?
On Monday, November 12, 2012 9:45:38 AM UTC-8, kapil kumar wrote:
> have you search through the Package Manager and related Class ?
> On Sun, Nov 11, 2012 at 1:43 PM, JonS <theju...@gmail.com <javascript:>>wrote:
>> Hi,
>> I am currently writing security software that requires me to scan APKs on >> the Android device. Unfortunately, in the latest release of Android >> (JellyBean), I noticed that there is a new security feature that Google is >> adding that will encrypt "paid" apps with a "device-specific key" so that >> the apps cannot be transferred to other devices. On install, the APKs will >> be decrypted.
>> I've tried looking all over the web, but I can't find any information >> regarding how this is implemented or how this works. Can someone point me >> to more information on this? such as white-papers, regions of the AOSP >> source code, blogs, etc. Any information will be extremely helpful. >> Thanks!
>> J
>> -- >> You received this message because you are subscribed to the Google Groups >> "android-platform" group. >> To view this discussion on the web visit >> https://groups.google.com/d/msg/android-platform/-/eiySCOJwDdgJ. >> To post to this group, send email to android-...@googlegroups.com<javascript:> >> . >> To unsubscribe from this group, send email to >> android-platfo...@googlegroups.com <javascript:>. >> For more options, visit this group at >> http://groups.google.com/group/android-platform?hl=en.
On Tue, Nov 13, 2012 at 1:13 AM, JonS <thejunk...@gmail.com> wrote:
> Thanks Kapil for the suggestion.
> I've looked through the Package Manager code and the only thing that I can
> find that 'remotely' sounds like it is related to this functionality is the
> IPackageManager::installPackageWithVerification code which doesn't seem
> correct.
> Would you happen to be able to point me to the correct code please?
I'm not fresh on the current state of AOSP, but I don't think (I could
be wrong) that this code is include in AOSP proper, perhaps someone
can back me up / prove me wrong.
On Mon, Nov 12, 2012 at 6:13 PM, JonS <thejunk...@gmail.com> wrote:
> Thanks Kapil for the suggestion.
> I've looked through the Package Manager code and the only thing that I can
> find that 'remotely' sounds like it is related to this functionality is the
> IPackageManager::installPackageWithVerification code which doesn't seem
> correct.
> Would you happen to be able to point me to the correct code please?
> Thanks,
> J
> On Monday, November 12, 2012 9:45:38 AM UTC-8, kapil kumar wrote:
>> have you search through the Package Manager and related Class ?
>> On Sun, Nov 11, 2012 at 1:43 PM, JonS <theju...@gmail.com> wrote:
>>> Hi,
>>> I am currently writing security software that requires me to scan APKs on
>>> the Android device. Unfortunately, in the latest release of Android
>>> (JellyBean), I noticed that there is a new security feature that Google is
>>> adding that will encrypt "paid" apps with a "device-specific key" so that
>>> the apps cannot be transferred to other devices. On install, the APKs will
>>> be decrypted.
>>> I've tried looking all over the web, but I can't find any information
>>> regarding how this is implemented or how this works. Can someone point me
>>> to more information on this? such as white-papers, regions of the AOSP
>>> source code, blogs, etc. Any information will be extremely helpful.
>>> Thanks!
>>> J
>>> --
>>> You received this message because you are subscribed to the Google Groups
>>> "android-platform" group.
>>> To view this discussion on the web visit
>>> https://groups.google.com/d/msg/android-platform/-/eiySCOJwDdgJ.
>>> To post to this group, send email to android-...@googlegroups.com.
>>> To unsubscribe from this group, send email to
>>> android-platfo...@googlegroups.com.
> To post to this group, send email to android-platform@googlegroups.com.
> To unsubscribe from this group, send email to
> android-platform+unsubscribe@googlegroups.com.
> For more options, visit this group at
> http://groups.google.com/group/android-platform?hl=en.
On Monday, November 12, 2012 3:57:39 PM UTC-8, Kristopher Micinski wrote:
> I'm not fresh on the current state of AOSP, but I don't think (I could > be wrong) that this code is include in AOSP proper, perhaps someone > can back me up / prove me wrong.
> kris
> On Mon, Nov 12, 2012 at 6:13 PM, JonS <theju...@gmail.com <javascript:>> > wrote: > > Thanks Kapil for the suggestion.
> > I've looked through the Package Manager code and the only thing that I > can > > find that 'remotely' sounds like it is related to this functionality is > the > > IPackageManager::installPackageWithVerification code which doesn't seem > > correct.
> > Would you happen to be able to point me to the correct code please?
> > Thanks, > > J
> > On Monday, November 12, 2012 9:45:38 AM UTC-8, kapil kumar wrote:
> >> have you search through the Package Manager and related Class ?
> >> On Sun, Nov 11, 2012 at 1:43 PM, JonS <theju...@gmail.com> wrote:
> >>> Hi,
> >>> I am currently writing security software that requires me to scan APKs > on > >>> the Android device. Unfortunately, in the latest release of Android > >>> (JellyBean), I noticed that there is a new security feature that > Google is > >>> adding that will encrypt "paid" apps with a "device-specific key" so > that > >>> the apps cannot be transferred to other devices. On install, the APKs > will > >>> be decrypted.
> >>> I've tried looking all over the web, but I can't find any information > >>> regarding how this is implemented or how this works. Can someone > point me > >>> to more information on this? such as white-papers, regions of the AOSP > >>> source code, blogs, etc. Any information will be extremely helpful. > >>> Thanks!
> >>> J
> >>> -- > >>> You received this message because you are subscribed to the Google > Groups > >>> "android-platform" group. > >>> To view this discussion on the web visit > >>> https://groups.google.com/d/msg/android-platform/-/eiySCOJwDdgJ. > >>> To post to this group, send email to android-...@googlegroups.com. > >>> To unsubscribe from this group, send email to > >>> android-platfo...@googlegroups.com.
> On Monday, November 12, 2012 3:57:39 PM UTC-8, Kristopher Micinski wrote:
>> I'm not fresh on the current state of AOSP, but I don't think (I could
>> be wrong) that this code is include in AOSP proper, perhaps someone
>> can back me up / prove me wrong.
>> kris
>> On Mon, Nov 12, 2012 at 6:13 PM, JonS <theju...@gmail.com> wrote:
>> > Thanks Kapil for the suggestion.
>> > I've looked through the Package Manager code and the only thing that I
>> > can
>> > find that 'remotely' sounds like it is related to this functionality is
>> > the
>> > IPackageManager::installPackageWithVerification code which doesn't seem
>> > correct.
>> > Would you happen to be able to point me to the correct code please?
>> > Thanks,
>> > J
>> > On Monday, November 12, 2012 9:45:38 AM UTC-8, kapil kumar wrote:
>> >> have you search through the Package Manager and related Class ?
>> >> On Sun, Nov 11, 2012 at 1:43 PM, JonS <theju...@gmail.com> wrote:
>> >>> Hi,
>> >>> I am currently writing security software that requires me to scan APKs
>> >>> on
>> >>> the Android device. Unfortunately, in the latest release of Android
>> >>> (JellyBean), I noticed that there is a new security feature that
>> >>> Google is
>> >>> adding that will encrypt "paid" apps with a "device-specific key" so
>> >>> that
>> >>> the apps cannot be transferred to other devices. On install, the APKs
>> >>> will
>> >>> be decrypted.
>> >>> I've tried looking all over the web, but I can't find any information
>> >>> regarding how this is implemented or how this works. Can someone
>> >>> point me
>> >>> to more information on this? such as white-papers, regions of the AOSP
>> >>> source code, blogs, etc. Any information will be extremely helpful.
>> >>> Thanks!
>> >>> J
>> >>> --
>> >>> You received this message because you are subscribed to the Google
>> >>> Groups
>> >>> "android-platform" group.
>> >>> To view this discussion on the web visit
>> >>> https://groups.google.com/d/msg/android-platform/-/eiySCOJwDdgJ.
>> >>> To post to this group, send email to android-...@googlegroups.com.
>> >>> To unsubscribe from this group, send email to
>> >>> android-platfo...@googlegroups.com.
>> > To post to this group, send email to android-...@googlegroups.com.
>> > To unsubscribe from this group, send email to
>> > android-platfo...@googlegroups.com.
>> > For more options, visit this group at
>> > http://groups.google.com/group/android-platform?hl=en.
> To post to this group, send email to android-platform@googlegroups.com.
> To unsubscribe from this group, send email to
> android-platform+unsubscribe@googlegroups.com.
> For more options, visit this group at
> http://groups.google.com/group/android-platform?hl=en.
> > On Monday, November 12, 2012 3:57:39 PM UTC-8, Kristopher Micinski > wrote:
> >> I'm not fresh on the current state of AOSP, but I don't think (I could > >> be wrong) that this code is include in AOSP proper, perhaps someone > >> can back me up / prove me wrong.
> >> kris
> >> On Mon, Nov 12, 2012 at 6:13 PM, JonS <theju...@gmail.com> wrote: > >> > Thanks Kapil for the suggestion.
> >> > I've looked through the Package Manager code and the only thing that > I > >> > can > >> > find that 'remotely' sounds like it is related to this functionality > is > >> > the > >> > IPackageManager::installPackageWithVerification code which doesn't > seem > >> > correct.
> >> > Would you happen to be able to point me to the correct code please?
> >> > Thanks, > >> > J
> >> > On Monday, November 12, 2012 9:45:38 AM UTC-8, kapil kumar wrote:
> >> >> have you search through the Package Manager and related Class ?
> >> >> On Sun, Nov 11, 2012 at 1:43 PM, JonS <theju...@gmail.com> wrote:
> >> >>> Hi,
> >> >>> I am currently writing security software that requires me to scan > APKs > >> >>> on > >> >>> the Android device. Unfortunately, in the latest release of > Android > >> >>> (JellyBean), I noticed that there is a new security feature that > >> >>> Google is > >> >>> adding that will encrypt "paid" apps with a "device-specific key" > so > >> >>> that > >> >>> the apps cannot be transferred to other devices. On install, the > APKs > >> >>> will > >> >>> be decrypted.
> >> >>> I've tried looking all over the web, but I can't find any > information > >> >>> regarding how this is implemented or how this works. Can someone > >> >>> point me > >> >>> to more information on this? such as white-papers, regions of the > AOSP > >> >>> source code, blogs, etc. Any information will be extremely > helpful. > >> >>> Thanks!
> >> >>> J
> >> >>> -- > >> >>> You received this message because you are subscribed to the Google > >> >>> Groups > >> >>> "android-platform" group. > >> >>> To view this discussion on the web visit > >> >>> https://groups.google.com/d/msg/android-platform/-/eiySCOJwDdgJ. > >> >>> To post to this group, send email to android-...@googlegroups.com. > >> >>> To unsubscribe from this group, send email to > >> >>> android-platfo...@googlegroups.com.
> >> > To post to this group, send email to android-...@googlegroups.com. > >> > To unsubscribe from this group, send email to > >> > android-platfo...@googlegroups.com. > >> > For more options, visit this group at > >> > http://groups.google.com/group/android-platform?hl=en.
On Tue, Nov 13, 2012 at 12:35 AM, JonS <thejunk...@gmail.com> wrote:
> Are you sure? Maybe I've provided the wrong link, but it should point you
> to using the app encryption in JellyBean
>> > On Monday, November 12, 2012 3:57:39 PM UTC-8, Kristopher Micinski
>> > wrote:
>> >> I'm not fresh on the current state of AOSP, but I don't think (I could
>> >> be wrong) that this code is include in AOSP proper, perhaps someone
>> >> can back me up / prove me wrong.
>> >> kris
>> >> On Mon, Nov 12, 2012 at 6:13 PM, JonS <theju...@gmail.com> wrote:
>> >> > Thanks Kapil for the suggestion.
>> >> > I've looked through the Package Manager code and the only thing that
>> >> > I
>> >> > can
>> >> > find that 'remotely' sounds like it is related to this functionality
>> >> > is
>> >> > the
>> >> > IPackageManager::installPackageWithVerification code which doesn't
>> >> > seem
>> >> > correct.
>> >> > Would you happen to be able to point me to the correct code please?
>> >> > Thanks,
>> >> > J
>> >> > On Monday, November 12, 2012 9:45:38 AM UTC-8, kapil kumar wrote:
>> >> >> have you search through the Package Manager and related Class ?
>> >> >> On Sun, Nov 11, 2012 at 1:43 PM, JonS <theju...@gmail.com> wrote:
>> >> >>> Hi,
>> >> >>> I am currently writing security software that requires me to scan
>> >> >>> APKs
>> >> >>> on
>> >> >>> the Android device. Unfortunately, in the latest release of
>> >> >>> Android
>> >> >>> (JellyBean), I noticed that there is a new security feature that
>> >> >>> Google is
>> >> >>> adding that will encrypt "paid" apps with a "device-specific key"
>> >> >>> so
>> >> >>> that
>> >> >>> the apps cannot be transferred to other devices. On install, the
>> >> >>> APKs
>> >> >>> will
>> >> >>> be decrypted.
>> >> >>> I've tried looking all over the web, but I can't find any
>> >> >>> information
>> >> >>> regarding how this is implemented or how this works. Can someone
>> >> >>> point me
>> >> >>> to more information on this? such as white-papers, regions of the
>> >> >>> AOSP
>> >> >>> source code, blogs, etc. Any information will be extremely
>> >> >>> helpful.
>> >> >>> Thanks!
>> >> >>> J
>> >> >>> --
>> >> >>> You received this message because you are subscribed to the Google
>> >> >>> Groups
>> >> >>> "android-platform" group.
>> >> >>> To view this discussion on the web visit
>> >> >>> https://groups.google.com/d/msg/android-platform/-/eiySCOJwDdgJ.
>> >> >>> To post to this group, send email to android-...@googlegroups.com.
>> >> >>> To unsubscribe from this group, send email to
>> >> >>> android-platfo...@googlegroups.com.
>> >> > --
>> >> > You received this message because you are subscribed to the Google
>> >> > Groups
>> >> > "android-platform" group.
>> >> > To view this discussion on the web visit
>> >> > https://groups.google.com/d/msg/android-platform/-/Rf-WMJ_-7iYJ.
>> >> > To post to this group, send email to android-...@googlegroups.com.
>> >> > To unsubscribe from this group, send email to
>> >> > android-platfo...@googlegroups.com.
>> >> > For more options, visit this group at
>> >> > http://groups.google.com/group/android-platform?hl=en.
>> > To post to this group, send email to android-...@googlegroups.com.
>> > To unsubscribe from this group, send email to
>> > android-platfo...@googlegroups.com.
>> > For more options, visit this group at
>> > http://groups.google.com/group/android-platform?hl=en.
> To post to this group, send email to android-platform@googlegroups.com.
> To unsubscribe from this group, send email to
> android-platform+unsubscribe@googlegroups.com.
> For more options, visit this group at
> http://groups.google.com/group/android-platform?hl=en.
