At the end of July we reported on a new anti-piracy measure from Google that was aimed at cutting the number of pirate apps available for download outside of the Android Market.
It appears that the new licensing service has been circumvented already, allowing a would-be application cracker to completely strip an app of any licensing protection, opening it up for unofficial distribution and pirating.
Android Police has an explanation of how the licensing system can be bypassed, which centers on disassembling an application using a .APK disassembler called smali/baksmali. Because the licensing verification library is a separate component that developers have to include inside their apps, an “attacker” can manually strip out the library, reassemble the app and then distribute it as he or she sees fit.
At the moment, the process is a simple proof of concept. We imagine that websites will catch on to it and create automatic tools that will be able to disassemble the code, amend the offending bytecode and then repackage the file for distribution.
For a non-developer, it is easy to question why Google would make its licensing system so easy to bypass; amending a reference in the code doesn’t seem difficult enough a process to stop people doing this on a large scale. For a company that has some of the brightest mobile minds on the planet, it all seems a little too easy.
Then again, Android handset owners in countries that don’t yet support the Android Market might now be a little happier; they have had to rely on crackers to get access to paid apps due to lack of support.