In the Free Software world, we are driven by passion and mutual respect, as compared to the mindless monetization of the proprietary world.
If unauthorized copying of movies, music and games makes only a tiny dent in mega-corporations, similar acts on Free Software platforms like Android may not hurt companies like Google, but they do cause damage to the dedicated developers who give you their apps either for free or for a nominal charge.
So, my first request is to say no to 'pirated'*, cracked or unauthorized downloads of such apps. Please do thank the developer for the nice app that you use by paying for it.
After this monologue I would like to address the issue. Justin Case opened Pandora's box when he posted an article about how a cracker can easily patch Android apps to make them available in unauthorized markets, thus hurting the developers.
Google responded to the article, followed by a response from Case.
Case pointed at one of the flaws of Google's Android License Verification Library. He wrote that a cracker can easily patch an app, rendering the verification useless and allowing unauthorized copying and distribution of the patched app.
He also found that most of the apps "can be easily patched and stripped of licensing protection, making them an easy target for off-Market, pirated distribution. By corollary, this means that sites dedicated to pirating apps can continue to do so, using a few automated scripts mixed with some smarts."
However, he maintained that from amongst many licensing options he found Google’s own Android Licensing Service to be the nicest one.
Google responded to the article stating that the problem is not with Google's Android Licensing Service but the way developers apply it.
Google's Tim Bray explains that the licensing service provides infrastructure that developers can use to write custom authentication checks for each of their applications. Google provided a deliberately transparent sample implementation, which was written to be easy to understand and modify rather than to be security-focused.
The problem arose with developers who, instead of modifying the sample, used it as-is. This makes their applications easier to attack.
Bray also maintains that the "attacks we’ve seen so far are also all on applications that have neglected to obfuscate their code, a practice that we strongly recommend. We’ll be publishing detailed instructions for developers on how to do this."
Case concurred with Bray and explained in his response to Google's post, "Using the identical, freely available, sample code across multiple applications, developers left a clear picture of what the code was doing, and allowed the same patch methods to be used across multiple applications."
He also added that even if a developer has implemented Google's suggestions and protected the app with ProGuard to optimize and obfuscate its code, it can still be patched.
Bray seems to agree, "100% piracy* protection is never possible in any system that runs third-party code, but the licensing server, when correctly implemented and customized for your app, is designed to dramatically increase the cost and difficulty of pirating."
The fact of the day is that no protection measure can ensure complete protection; crackers will find a way to circumvent it. One of the best practices for developers is to make cracking extremely time-consuming and expensive.
Tim says, "The best attack on pirates is to make their work more difficult and expensive, while simultaneously making the legal path to products straightforward, easy, and fast. Piracy* is a bad business to be in when the user has a choice between easily purchasing the app and visiting an untrustworthy, black-market site."
Case also referred to an article by Romain Guy, an Android developer at Google, on copy and crack protection [the article is not opening].
One of the beauties of the free software community, as compared to the restrictive and suppressive regimes of proprietary companies, is that here developers work together to protect the sanity of the free and open environment.
Support free software developers, buy apps!
* “Piracy”
Publishers often refer to copying they don't approve of as “piracy.” In this way, they imply that it is ethically equivalent to attacking ships on the high seas, kidnapping and murdering the people on them. Based on such propaganda, they have procured laws in most of the world to forbid copying in most (or sometimes all) circumstances. (They are still pressuring to make these prohibitions more complete.)
If you don't believe that copying not approved by the publisher is just like kidnapping and murder, you might prefer not to use the word “piracy” to describe it. Neutral terms such as “unauthorized copying” (or “prohibited copying” for the situation where it is illegal) are available for use instead. Some of us might even prefer to use a positive term such as “sharing information with your neighbor.”
Follow Muktware editor Swapnil Bhartiya on Google Plus.