Is there any facility to protect the contents of an APK from user modification?

tags:

views:

172

answers:

1

+1 Q:

Is there any facility to protect the contents of an APK from user modification?

I was thinking about this earlier and figured I'd ask.

If I made an application that has lots of resources, what would stop someone from extracting and adding/modifying the resources I ship with it?

Does an application that doesn't want its data manipulated have any sort of option to protect itself?

+1 A:

Nothing prevents someone from extracting resources -- there is even an API for that. However, there is no way to modify the contents of an installed APK file, because that file is digitally signed.

Somebody with root access could obtain the APK file, mess with its contents, and re-sign it, for their own purposes, at least in theory.

CommonsWare 2010-03-11 00:02:54

Are there any other options to safely store data? Would it revolve around storing it as an asset and signing/decrypting it?

Omega 2010-03-11 02:18:41

"Are there any other options to safely store data?" By definition, you cannot defend in-APK data from user inspection or modification. Whatever technique you would use to do that can be defeated. It's why just about every DRM mechanism ever invented has been broken. You *can* use user passwords to allow a *user* to defend *data* (e.g., local files) from attack (encrypt/decrypt with the password), but that doesn't work for in-APK data.

CommonsWare 2010-03-11 02:51:43

Of course, I have no illusions over the limits of securing an application. I was simply curious :)

Omega 2010-03-11 15:15:35

ansaurus

tags:

views:

answers:

Is there any facility to protect the contents of an APK from user modification?

related questions