Android Market Hacked (Kinda Sorta)

UPDATE:  The guy responsible for the Android Market Hack left me the following message which puts this story in perspective a bit: “Just a note… I’m using an average G1, though I have rooted it prior to the update that took it away.”

I’m not entirely sure that a dev G1 can see protected applications for this reason.

Android Market comes with a $400 All You Can Eat Buffet.

Anybody can buy an Android Dev Phone 1 which is the Developer Version of the T-Mobile G1 with Root Access – it costs $399. Keep in mind that after you buy an application on the Android Market you have 24 hours to return it. So what is to stop people from buying the app, saving the APK elsewhere, returning the app and getting their money back and then re-installing the app via APK for free?

Copy Protection in the Android Market Publishing Options:

[Image: android-market-hacked]

Our new application – Android News – was published WITH COPY PROTECTION ON. However, in an effort that doesn’t seem to have taken very long, Tim from Strazzere.com was able to download the free app, put it on his phone and get the RAW APK FILE!

[Image: location]

The only thing “protecting” the apps is their location. However on a phone with Root access, like the Dev Phone 1, this limitation doesn’t exist. Not only are applications not protected in ANY OTHER WAY but PAID applications face the same fate. That means anyone with a Developer Phone can essentially get every application ever created on Android Market (until they fix this) for free. They just have to buy the app, rip the APK, return the app and re-install.

I like how they used Phandroid News as their “You’ve Been Hacked” Example. Ha – priceless!

[Via Strazzere]

  • http://unkzdomain.co.cc Unk

    But does this work for PAID apps? I’m sure that Google is smart enough to have thought of this happening.

    I mean, I’ll definitely check this out with some cheap game and then get the .apk and then refund it (since I have a rooted G1)

  • Carmex

    30 days to return? Don’t you mean 24 hours? At least according to this:

    http://www.google.com/intl/en_us/mobile/android/market-policies.html

    Section 2, first sentence.

    Otherwise I was afraid of this exploit. Kinda makes me glad I don’t have any apps ready to sell. They definitely need some sort of protection other than where the apk file is stored when you download it from the market. How is this problem handled on jailbroken iphones?

    Also I won’t be totally convinced this is a real problem until someone does it to a paid app. If google has some kind of protection in place, they probably didn’t do it for the free apps. Maybe there’s some extra protection on the paid stuff?

  • http://www.strazzere.com/blog/ Tim

    Unk:

    The protection on paid applications is the same, sadly

  • Rob Jackson

    @Carmex

    You’re right. My mistake. Changing it now…

  • http://facepwn.com/ Manacit

    Another person with a rooted phone, can confirm this works on all the paid apps (I’ve tried quite a few). The market doesn’t recognize they’re installed, so you don’t get updates, but it will work for the current version that’s out there. You could always do it again if you want the update I guess.

  • http://newsrob.com Mariano Kamp

    What I don’t get is why this kind of protection scheme would have any impact on the amount of memory (whatever memory they mean) required.

    It probably isn’t the end of the story and like with every Android Market related, they are just late and have much room for improvement.

  • G1Fan

    I smell an Android update coming soon…

  • http://opensourcethefuture.blog.co.in Sudipto Sarkar

    Hacking is everywhere…
    It can’t be stopped, but it can definitely be prevented…
    It’s pretty awful that Android’s market was hacked.
    Btw, here’s my post about Android:
    http://opensourcethefuture.blog.co.in/2009/02/22/android/

  • http://www.strazzere.com/blog/ Tim

    @Manacit

    That’s one of the problems right there – since the market doesn’t detect a non-market installed application, it doesn’t know you have a protected application installed so it can’t do anything about it.

  • Alex

    There is one piece of information missing. So far we know that someone with a rooted phone can get the .apk, ask for a refund and put the app back again. The real question about copy protection is if that same .apk will run on a different phone. If the .apk runs elsewhere, then copy protection is broken. But if it only runs on the phone it was downloaded, then it is not so bad, the average user doesn’t have a rooted phone.

  • http://facepwn.com/ Manacit

    @Tim:
    Yeah, a simple solution would be for the market to look at all installed apps and cross reference them with what you have bought.

    Using aTrackDog, you can even check for updates on apps that you have purchased and returned, then installed. I wonder what was going through Google’s head when they thought this would be enough to stop people from “cracking” DRM. Thankfully it looks like some of the “big” tech blogs (Gizmodo and Engadget) haven’t picked up on this, once they do it might become a much bigger problem (I’m sure Google is working on a solution to this right now).

  • Matt

    On a phone with root access and open code there isn’t much you can do for protection. Shouldn’t we be praising them for not using DRM?

    Apple has much stricter copy protection, not to mention OS lockdown, and paid apps from iTunes are still available for free all over the web.

    There’s not much you can do. I’m sure some 3rd party will come up with a digital signature and authentication wrapper if you really want it for your app. I don’t think it is necessary.

  • Phil

    I haven’t written a real Android App yet so I wouldn’t know but it seems to me all apps would or should have some sort of unique identifier…probably a checksum. That sum could be checked against the market (and its history in case an app is updated) to make sure it is not offered on the market already. Or forget the sum…the package name will do as no one is going to recompile these apps.

  • Brennan

    Can the people who have bought any app or game and has tried this method upload to rapidshare or mediafire. We need to create a blog like apple phanboys and post a bunch of raw apks

  • http://www.strazzere.com/blog/ Tim

    @Alex –

    As stated there is NO extra protection. The “protected” apps have nothing special with them so they will run off of ANY phone.

    @Phil

    Recompiling or even re-signing (easier) an apk is a cake walk, hardly anything to it, so changing those “checksums” would be simple.

    @Brennan

    I’m sure things are posted anywhere, but this isn’t about piracy — so you shouldn’t pirate the apps, support the devs.

    Lastly — protected apps DOESN’T mean it’s a paid application. As with the example of phandroid — it was protected and free. Also paid apps can be unprotected.
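
The cross-reference Manacit proposes above, together with Phil's checksum idea and Tim's objection to it, as an added example that is not part of the original post or comments: installed packages are matched to an account's order history by package name, and the APK digest is used only to flag copies that differ from the market release. All package names, digests and record layouts here are constructed for illustration.

```python
from dataclasses import dataclass

# Constructed sample data: package names, digests and statuses are hypothetical.
CATALOG = {
    "com.example.paidgame": {"paid": True, "release_hashes": {"aa11"}},
    "com.example.freenews": {"paid": False, "release_hashes": {"bb22"}},
    "com.example.paidtool": {"paid": True, "release_hashes": {"cc33"}},
}
PURCHASES = {  # one account's order history
    "com.example.paidgame": "refunded",
    "com.example.paidtool": "active",
}

@dataclass(frozen=True)
class Installed:
    package: str
    apk_hash: str  # digest of the APK as found on the device


def reconcile(installed, purchases=PURCHASES, catalog=CATALOG):
    """Return (package, finding) pairs for installs the order history does not cover."""
    findings = []
    for app in installed:
        entry = catalog.get(app.package)
        if entry is None:
            continue  # not a market app; nothing to cross-reference
        if entry["paid"] and purchases.get(app.package) != "active":
            status = purchases.get(app.package, "never-purchased")
            findings.append((app.package, f"unlicensed:{status}"))
        if app.apk_hash not in entry["release_hashes"]:
            # Re-signing or repackaging changes the digest, so the digest cannot
            # identify the app; it only flags a copy that differs from the release.
            findings.append((app.package, "modified-apk"))
    return findings


def hash_only_match(installed, catalog=CATALOG):
    """Identify market apps purely by checksum (the approach Tim objects to)."""
    known = {h: pkg for pkg, e in catalog.items() for h in e["release_hashes"]}
    return [known[a.apk_hash] for a in installed if a.apk_hash in known]


DEVICE = [
    Installed("com.example.paidgame", "ff99"),  # refunded, then re-signed copy
    Installed("com.example.paidtool", "cc33"),  # legitimately owned
    Installed("com.example.freenews", "bb22"),  # free app
]

if __name__ == "__main__":
    print(reconcile(DEVICE))
    print(hash_only_match(DEVICE))
```

The checksum-only lookup never sees the re-signed copy of the refunded app, while the package-name cross-reference reports it both as unlicensed and as differing from the released APK.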

  • Carl

    I have an Android phone and want to pull one of the APK files off of an installed application. Is this possible? I tried to go to the /data/app-private directory using a file manager application but no files are showing up.

    It is a free application that I want to send to a friend that cannot access the market to download it.

    Thanks for any ideas.

    Carl

  • Fred

    I do not think this is a problem for two reasons.

    1) iPhone has an app you can install that allows you to download and install just about any App Store app for free. But look at the money being made from the iPhone still…

    2) Although there is a decent return policy, I don’t think you should just install every app you get your hands on, only to return it later on. Google may be monitoring your returns and if you abuse the return policy maybe they will warn you if not ban you.

  • Kendon

    Thanks for this. I had my suspicions but wasn’t sure if they would charge you for reinstalling the apk. I already copy all my free apps with ASTRO (best file manager on the G1). But now I can get paid apps for free, Awesome! I just h8 paying for things. Lol

  • http://www.HotMonster.com Magnum Steele

    Why not just post all of the downloaded apps on a file share torrent like thepiratebay or mininova, that way anyone who doesn’t want to pay can play. That would be cool to have a torrent app for the g1/android. Want to watch a movie, download it, play a game, no problem. Music, etc . . .

  • phillip

    Is there a website where it shows you a step by step sequence to show how to hack the android market?

  • Martin

    But…

    I noticed with a root phone you do not see most of the paid apps.

  • KaniS

    There’s nothing Google can do about things like this. Yeah, their protection is about as simple as it could get, but no matter how complicated they make it, as long as you have root access to the phone, you can install anything you want, including a completely new operating system, and your new operating system is going to be able to get at the raw apk or whatever method they use to store the app. The phone has to be able to read the program and decrypt it, so as long as you can root it, disassemble the OS to find out how it’s reading/decrypting the program, you’ve got yourself a free app.
    The only tactic that might slow down a pirate is to put a decryption “black box” in a hardware chip and sign the paid apps with a very long key only known to this black box. But as soon as someone finds some way to get that key (which might take a little while, but probably not forever), everything’s open again. This method obviously doesn’t protect any phones that are already out there.

    As far as I’m aware, pirates have broken every method of copy protection ever made, so the only real protection is honest people and maybe harsh punishments for law breakers. Android apps are so cheap, I don’t know why anyone would go to much trouble to steal them anyway. Thus, I wouldn’t get too up in arms about this hack.

  • vendornet

    Just to tell you that Google kicked us – developers from the paid apps. So if you have ADP1 you can not download a paid app or a copy protected app. So no stealing is able to be done, but users with rooted G1 can do it. So don’t blame us ;) We are suffering the most…

  • jmon

    OK, I’m not going to hack the apps because, well, it’s just wrong… and for most useful things there is always a free alternative, but there is one thing they could do to at least protect the market, and that’s make it so you can’t do refunds, which would suck, and then only those willing to use torrents or whatever will be able to take advantage of this. But that comes with risk because of viruses, “even though it may be small”. Also, I like to back up my apps, and if they could find a way to stop that it would suck… Say I want the new G3 or whatever is out in a year or so; I could just upload the apps to my new phone. There are a lot of cool, honest things you could do with this. Why does everyone want something for nothing?

  • Jsn

    Does anyone have a quality “How To Guide” that they can share, so us with rooted G1s can rip an app?

  • macho

    I put videos on my G1 phone but I can’t view any videos; it says my phone doesn’t support the file format. What can I download to watch videos? Is there an app for this?

  • Ken

    Just a warning, you get what you pay for. If you download a rogue version of an APK, you really don’t know what you are getting and you are putting all of your personal information at risk. It’s very very simple to insert malicious logic into an existing APK and you would never know. Malicious hackers could hijack/wipe all of your personal data, such as contacts, emails etc.

    If you do not get the application from a trusted resource, you do not know what you are getting. The Android market guarantees legitimacy and safety. If you download an app from the market or developer, you know who to blame if something goes wrong.

    Let’s say you really are a cheap bastard and that 99 cents for that killer app just seems… well unnecessary, karma has a way of coming around and biting you in the butt. If something happens and all of your personal info is hijacked or wiped out, you only have yourself to blame.

    In addition, passing around hacked applications while it will surely continue to happen, is only going to hurt the end-users in the long run. Developers will decide it’s not worthwhile to develop for Android anymore, or make users jump through so many hoops it yields a migraine to anyone wanting to use the application.

  • Rich

    We have developed several apps and have the same problem with some people downloading and then returning. We were able to identify patterns based on where these people were as identified by Google Checkout. It’s frustrating.

    We’re spending literally thousands of dollars for development and getting ripped off daily by about 15% of the people downloading.
    By not fixing this Google is encouraging us to take our marbles and go play on the Apple and Blackberry Application Markets.

  • Drew Buglione

    The sad part is that this is almost as easy to do on the iPhone/iPod Touch thanks to jailbreaking. I can’t say I’ve never pirated anything, but it’s really just horrible that it’s as easy as it is to do so nowadays…

  • earl

    It does work for paid apps because they are kept in, I think, data/private-folder. I was appalled by Google’s stupidity.

  • Adam E

    Developers should just make free & donate versions… that’s my opinion. But some already out there have ads in the free version only.

  • don juan

    Free + donate doesn’t work for developers that are trying to do this full time. People just don’t donate. And if the developer can’t spend time working on the app, then they can’t keep up with customer support emails and Android OS updates and the app quality suffers.

  • Kevin

    Yeah, most Android users won’t donate unless they HAVE to pay for an app. Maybe devs could all start supporting their free versions with ads and make people pay for the ads to be removed? Unless I don’t understand how the ad-supporting system works (and I probably don’t or else everyone would have done this already), that’d work out for everyone.

    But again, even if Google implements a security system on the Market, they’ll still get pirated, like how you can put Installous on a jailbroken iPhone and get all the apps out there for free. I’d argue that it’s EASIER on the iPhone; with Android you actually have to either buy and return the app yourself or hunt down the .apk online. With the iPhone you have an app that searches websites that serve as databases for the apps; it takes all of two minutes!

  • Tat

    Are there more stupid.. who wants download something so cheap!! Android programs are so cheap, why users do break protection? Google need to more security.
    In a couple of months I study it and send to Google, one email. All help is appreciated!

  • ryan

    So if I’m right, if I download an app that’s not free and store it on my SD card, return it, and reinstall it back to the phone from my SD card, I shouldn’t have to pay for the app?