Google is publicly defending its new Android Market licensing service following the recent publication of a hack enabling some Android applications to bypass the anti-piracy measure. Writing on the Android Developer Blog, Android developer advocate Tim Bray contends that despite the setback, the licensing service remains a step forward over the plain copy-protection facility that was the previous norm: "The first release shipped with the simplest, most transparent imaginable sample implementation, which was written to be easy to understand and modify, rather than security-focused," Bray explains. "Some developers are using this sample as-is, which makes their applications easier to attack. The attacks we've seen so far are also all on applications that have neglected to obfuscate their code, a practice that we strongly recommend." Bray adds Google will soon publish detailed instructions on code obfuscation.
While Bray admits that the number of Android apps that have migrated to the licensing server is presently very small, he argues the program is still a step forward, explaining that when correctly implemented and customized it can dramatically increase the cost and difficulty of pirating. "The best attack on pirates is to make their work more difficult and expensive," Bray writes. "Android Market is already a responsive, low-friction, safe way for developers to get their products to users. The licensing server makes it safer, and we will continue to improve it. The economics are already working for the developers and against the pirates, and are only going to tilt further in that direction."
Google introduced the Android Market licensing service roughly a month ago. The free service promises a secure mechanism to manage access to all paid apps targeting Android 1.5 or higher--applications can now query licensing server to determine a user's license status, receiving data on whether the consumer is authorized to employ the app based on stored sales records, allowing or disallowing further use as appropriate. Developers can also apply a flexible licensing policy on an app-by-app basis, enforcing licensing in the manner most appropriate for each individual application. All applications published via Android Market are eligible for the licensing service, with no special accounts or registration--because the service does not use dedicated framework APIs, developers can add licensing to any legacy app using a minimum API level of 3 or higher.
For more on the Android licensing service:
- read this Android Developer Blog entry
Related articles:
Android Market adds licensing service to combat app piracy
Google opens up Android development, expands app billing options
Google looks to emerging markets to boost Android
Google activates Android Market app kill switch
Google aggressively wooing iPhone developers to Android