Tuesday, April 24, 2012

How to save three dollars and at the same time compromise the security of your phone/tablet

I just google on the name of one of my apps and stumbled upon a "cracked" version of External Keyboard Helper Pro version 2.4. I downloaded the copy examined the contents, and yes, it looks like it's my app so I checked the signature and notices that it signed by someone else.

So I start to wonder, why resign an app that isn't protected in the first place? So I compare it against my current version (2.5) and notice that the first of all classed.dex is dated last Sunday, long after the release of version 2.4 but before the release of 2.5. Also classed.dex in the "cracked" version is almost 30kb larger than classed.dex in the real 2.5 version. Believe when I say that there is more code in version 2.5 than in version 2.4 so something has been added.

Personally, if someone cannot afford $3 and copy the app from a friend, I really could not care less. But when someone takes my app, add 30kb (probably even more because the real 2.4 should be smaller than 2.5) of unknown code, and put it up for download, then I do care.

This is an INPUT METHOD people!! That means whatever code they put in there can record EVERYTHING you write on your keyboard.

Now, some of you say "He's just making that up to scare us from using pirated versions of his apps". Well, just download the demo version of 2.5 from SlideMe.org (they allow you to download the .apk directly to your PC) here: http://slideme.org/application/external-keyboard-helper-demo

Open the apk with your favorite unzip application and do the same with the pirated version of 2.4 that is floating around (I'm NOT going to post a link).

First of all, notice in the pirated version how the date of classes.dex (this is the executable) has a more recent date the rest of the files. Then compare the file size with the demo version of the real app.

I'd bet that you'll find the same thing with most of the "cracked" apps on those sites.

If you still do not believe me, well... then you're on your own...

1 comment:

  1. This is fantastically amusing. I just pirated your amazing app because I'm not broke but, shall we say, between payment methods but still like space keys. Fortunately I haven't typed anything sensitive yet on my newly rooted Nook Simple Touch, on which your(/their) program works really well so far.

    But forget typing. Look at the advanced setting page. I'm intoxicated. I have never seen so many options on any computer. It's a dream!

    So, anyway, thanks for the warning. I'll get a friend to send you the money or something. For this app--again, a dream of an app--I'd pay triple.

    Cheers!
    - an idiot

    ReplyDelete