Android Apps Need Universal Encryption - InformationWeek


Android Apps Need Universal Encryption

Google's encryption for paid apps isn't enough to protect developers and users, argues author Godfrey Nolan.

At its developer conference last month, Google announced that apps created with Android 4.1 or greater and distributed for a fee through Google Play will be armored against piracy.

"From Jelly Bean and forward, paid apps in Google Play are encrypted with a device-specific key before they are delivered and stored on the device," the company said. "We know you work hard building your apps. We work hard to protect your investment."

Godfrey Nolan, author of the newly released book Decompiling Android (Apress, 2012), argues that Google should work harder and extend encryption to both paid and free Android apps distributed through Google Play.

Unauthorized app copying is a problem for both iOS and Android developers, but it's particularly acute in the Android ecosystem due to the relative openness of Android devices and a customer base that appears to be more prone than iOS customers to see nothing wrong with unlawful copying.


A September 2011 report from the Yankee Group found that out of 75 Android developers surveyed, 27% see piracy as a huge problem and another 26% see it as somewhat of a problem. Carl Howe, Yankee Group director of research and author of the report, characterized the Android app environment as the "Wild West."

Nolan's argument is based on the fact that it's extremely easy to decompile Android apps to obtain a close approximation of the original source code. That doesn't make it any easier to copy Android apps--that's already fairly simple--but it does pose a security risk as more and more apps rely on backend services.

"If [your application] contains any clues to gaining access to backend systems, such as API keys or database logins, or if your application has any customer information that needs to be secure, then you owe it to your customers to take basic steps to protect your code," he wrote in his book.

For iOS developers, decompilation isn't an issue. "iOS apps are prone to disassembly, not decompilation, which means you get the hexadecimal binary back but not the source code," explained Nolan in an email. "So with iOS you might be able to see some strings but not anywhere near the entire source code."

There are already steps Android developers can take to protect their code, such as code obfuscation, but encryption for all Android apps available through Google Play would add an extra layer of protection.
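
As an added example (not from the article or from Nolan's book), a developer can audit their own release build for the embedded API keys and database logins Nolan warns about, since an APK is a ZIP archive and string literals sit readable inside `classes.dex`. The rule patterns, the entropy threshold and the sample APK below are assumptions constructed for illustration.

```python
import io
import math
import re
import zipfile
from collections import Counter

PRINTABLE = re.compile(rb"[\x20-\x7e]{8,}")        # printable runs, like strings(1)
TOKEN = re.compile(r"^[A-Za-z0-9+/_\-=]{20,}$")    # key-shaped literal
RULES = {
    "jdbc-login": re.compile(r"jdbc:\w+://\S*password=\S+", re.I),
    "url-credentials": re.compile(r"\w+://[^\s/:@]+:[^\s/@]+@\S+"),
}

def entropy(s):
    """Shannon entropy in bits per character."""
    counts = Counter(s)
    return -sum(n / len(s) * math.log2(n / len(s)) for n in counts.values())

def scan_apk(apk_bytes, min_entropy=4.0):
    """Return sorted (entry, rule, string) findings for an APK given as bytes."""
    findings = set()
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as apk:
        for name in apk.namelist():
            if not (name.endswith(".dex") or name.startswith(("assets/", "res/raw/"))):
                continue
            for m in PRINTABLE.finditer(apk.read(name)):
                s = m.group().decode("ascii")
                for rule, rx in RULES.items():
                    if rx.search(s):
                        findings.add((name, rule, s))
                if TOKEN.match(s) and entropy(s) >= min_entropy:
                    findings.add((name, "high-entropy-token", s))
    return sorted(findings)

def build_sample_apk():
    """Constructed sample: a ZIP whose fake classes.dex holds NUL-separated strings."""
    # Simplified: a real DEX length-prefixes each string; the values are made up.
    strings = [b"Lcom/example/app/MainActivity;", b"onCreate",
               b"q7Zp2LxV9tB4mK8sW1dR6yHc3NfJ0aGe",
               b"jdbc:mysql://db.example.com/shop?user=app&password=hunter2"]
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("classes.dex", b"dex\n035\x00" + b"\x00".join(strings) + b"\x00")
        z.writestr("AndroidManifest.xml", b"\x03\x00\x08\x00")
    return buf.getvalue()

if __name__ == "__main__":
    for entry, rule, s in scan_apk(build_sample_apk()):
        print(f"{entry}: {rule}: {s}")
```

A finding means the value ships to every device in readable form; moving it behind a server-side service removes it from the package, whereas obfuscation only renames identifiers around it.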
