Acknowledging a reported hacking of its new Android Market licensing server, Google maintained this week that the licensing service represents a "significant step forward in terms of protection."
In a blog post by Google's Tim Bray, the company conceded that a hack allowing some Android applications to bypass the licensing server has been published. Google introduced the server last month as a mechanism to protect against unauthorized use of applications.
[ Developers are unhappy about Oracle's lawsuit against Google over Android | Master your security with InfoWorld's interactive Security iGuide. | Stay up to date on the latest security developments with InfoWorld's Security Central newsletter. ]
"The licensing service, while very young, is a significant step forward in terms of protection over the plain copy-protection facility that used to be the norm," the blog said. Even the author of the hack wrote that the licensing service still was the best option for copy protection, Bray said.
The licensing service provides infrastructure for developers to write custom authentication checks for applications, Google said. Some developers, though, are using an easy-to-understand sample implementation, which can make applications more open to attack.
"The attacks we've seen so far are also all on applications that have neglected to obfuscate their code, a practice that we strongly recommend. We'll be publishing detailed instructions for developers on how to do this," the post said.
Bray said 100 percent piracy protection is "never possible" in a system that runs third-party code. The licensing server, though, can dramatically increase cost and difficulty for pirates.
Only a small number of applications have migrated to the licensing server thus far.
This article, "Google defends Android Market license server, despite reported hack," was originally published at InfoWorld.com. Follow the latest developments in business technology news and get a digest of the key stories each day in the InfoWorld Daily newsletter.
Read more about security central in InfoWorld's Security Central Channel.