Re: Device Specific Key

[KaPiL.rIcKy]

have you search through the Package Manager and related Class ?

On Sun, Nov 11, 2012 at 1:43 PM, JonS <theju...@gmail.com> wrote:

Hi,

I am currently writing security software that requires me to scan APKs on the Android device.  Unfortunately, in the latest release of Android (JellyBean), I noticed that there is a new security feature that Google is adding that will encrypt "paid" apps with a "device-specific key" so that the apps cannot be transferred to other devices. On install, the APKs will be decrypted.

I've tried looking all over the web, but I can't find any information regarding how this is implemented or how this works.  Can someone point me to more information on this? such as white-papers, regions of the AOSP source code, blogs, etc.  Any information will be extremely helpful.  Thanks!

J

--
You received this message because you are subscribed to the Google Groups "android-platform" group.
To view this discussion on the web visit https://groups.google.com/d/msg/android-platform/-/eiySCOJwDdgJ.
To post to this group, send email to android-...@googlegroups.com.
To unsubscribe from this group, send email to android-platfo...@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/android-platform?hl=en.

--

~~~~~~~~~~~~~~~~~~~~~~~~~~
Thanks and regards
Kapil Kumar
~~~~~~~~~~~~~~~~~~~~~~~~~~

[JonS]

Thanks Kapil for the suggestion. 

I've looked through the Package Manager code and the only thing that I can find that 'remotely' sounds like it is related to this functionality is the IPackageManager::installPackageWithVerification code which doesn't seem correct.

Would you happen to be able to point me to the correct code please?

Thanks,

J

[Alexey Eromenko]

On Tue, Nov 13, 2012 at 1:13 AM, JonS <theju...@gmail.com> wrote:
> Thanks Kapil for the suggestion.
>
> I've looked through the Package Manager code and the only thing that I can
> find that 'remotely' sounds like it is related to this functionality is the
> IPackageManager::installPackageWithVerification code which doesn't seem
> correct.
>
> Would you happen to be able to point me to the correct code please?
>

According to this article, DRM is now disabled:
http://www.androidpolice.com/2012/08/08/jelly-bean-app-encryption-breaks-thousands-of-apps-in-the-play-store-google-disables-drm-for-now/

--
-Alexey Eromenko "Technologov"

[Kristopher Micinski]

I'm not fresh on the current state of AOSP, but I don't think (I could
be wrong) that this code is include in AOSP proper, perhaps someone
can back me up / prove me wrong.

kris

> https://groups.google.com/d/msg/android-platform/-/Rf-WMJ_-7iYJ.

[JonS]

Thanks guys for the feedback. 

I found this resource : http://nelenkov.blogspot.com/2012/07/using-app-encryption-in-jelly-bean.html

and it looks like it is pretty detailed :)

J

[Kristopher Micinski]

I'm confused, this link doesn't talk about full app encryption at all,
it just talks about negotiations with the play store using OAuth...?

kris

> https://groups.google.com/d/msg/android-platform/-/5OdUI1TMVHgJ.

[JonS]

Are you sure?  Maybe I've provided the wrong link, but it should point you to using the app encryption in JellyBean

"http://nelenkov.blogspot.com/2012/07/using-app-encryption-in-jelly-bean.html"

[Kristopher Micinski]

Ah okay, yes, didn't see it before, it redirected to another page.

kris

> https://groups.google.com/d/msg/android-platform/-/GzDurkwPsd8J.