Securing License Verification by using Native Code, Fusing Options and Indirect Method Triggering on Android

To prevent massive piracy in the Android app markets, Google provides developers the License Verification Library (LVL) to implement a network-based license checking service. The application queries the Google Play app, which builds a license checking request to a trusted Google licensing server, to obtain the license status for the current user. Since this library is written in Java, it cannot protect the app from reverse engineering. In this paper, a native LVL implementation in C is proposed. This native LVL is much harder to be disassembled into comprehensible code than Java. We introduce so-called fusing options to fuse the Android app and native code together while allowing different program parts to communicate by indirect method triggering. The result is that the app cannot be executed without it anymore.     «

To prevent massive piracy in the Android app markets, Google provides developers the License Verification Library (LVL) to implement a network-based license checking service. The application queries the Google Play app, which builds a license checking request to a trusted Google licensing server, to obtain the license status for the current user. Since this library is written in Java, it cannot protect the app from reverse engineering. In this paper, a native LVL implementation in C is propo...     »