Android DRM Cracked! Pirating Apps is "Easy"

The licensing system Google implemented to protect the applications found in its Android Market has been cracked, only a month after it debuted. Google's "Licensing Service for Android," designed to protect against unauthorized use of paid Android applications, was released late July for all versions of the Google Android mobile operating system, 1.5 or higher. In basic terms, the system functions as sort of a DRM protection mechanism for Android applications, ensuring that the apps on a user's phone have been properly purchased and paid for.

Now, in a detailed how-to guide posted by Justin Case on Android Police, not only has Google's licensing system been cracked, doing so was a fairly easy process.

How Was This Hacked?

It's not surprising to hear that a protection system was hacked or cracked these days. There is virtually no unbreakable code, given enough Red Bull and a dedicated hacker. What's somewhat disturbing about this particular crack, however, was how simple it was to accomplish.

In this case, the crack was made possible due to the licensing system's use of Java code. According to Case, Java code is what most Android applications are currently written in. Because of Java's cross-platform compatibility needs, there are already a number of software suites that can decompile and disassemble Java code, making it an easy target for reverse engineering.

After decompiling the code, cracking the licensing system is as simple as finding the file that references Google's licensing service and changing it to include a different set of instructions. A hacker would just need to change of couple of bytes of code that detail how an application should behave after verification of its license is complete.

Read more...