Question on .asec (encryption) on Froyo 2.2 / installing app onto sdcard

Question

I installed my app on the emulator with 2.2 and onto the sdcard. When I browse via adb shell, I can see that the encrypted app file lies under /mnt/secure/asec/com.myapp-1.asec but it also lies as plain apk file unencrypted at /mnt/asec/com.myapp-1/pkg.apk as well and I can do a 'adb pull' without special permissions and unzip it to see it's content.

Unfortuntately my N1 is in repair and I cannot check on a real device right now - but wondering, why can I still access the plain apk so easily (at least on the emulator)?

(Not sure if this question is supposed to be asked on StackOverflow or on ForceClose.com, but I figured it's more related to development and how to secure/encrypt your app as a developer, therefore I'm posting it here.)

Answer 1

Got the answer from the Android dev mailing list: http://groups.google.com/group/android-developers/browse_frm/thread/f7d11237744fe5fa/0e92cb2905632408#0e92cb2905632408

Apps on SD card are stored in an encrypted container for platform security purposes -- so that other applications can not modify or corrupt them. When mounting the SD card, these containers are mounted so that they can be accessed in the same way as apps stored in internal storage.

Thanks to Dianne Hackborn/hackbod