Dear Spotify developers...

...why does Spotify still look like this on my Tablet?

When all it takes is a 2 minute hack with apktool to make it look like this:

At least the recent versions does not contain broken landscape layouts that needs removing like the ICS preview and the first releases did so now all it takes is a search and replace in the manifest, build new apk and the sign it. (This however does not feel right and I've seen there are already self-signed versions floating around on the net (no I did not make any of them). Modified and resigned apps are a security problem because unless you modified it yourself you cannot know what else has been changed.)

However, while missing landscape support was irritating but acceptable in the preview version you have pushed many new versions since then and landscape mode is still missing. Why?

If it looks stupid on my tablet, then imagine how it looks when I connect my Motorola Xoom to my 42 inch plasma.

So please, for me and for all the other Spotify premium users that runs Spotify on other devices than just phones, FIX THIS NOW!

Trust us! Why? Because we say so.

This is going to be follow up on a post I did a month ago because I found something interesting.

In a forum focused on pirated app releases I found a thread that linked to my previous blog post. I originally planned to post an answer in that thread but the thread was locked for some unknown reason.

Here's the 3 first posts of the thread:

My comments to the first post is that I never said that there is a trojan in it. I said it has been modified with added code and resigned. (I've even tried to "disassemble" the app but even the latest apktool fails decoding the added code.)

My comments on the second post is that it was not the demo version made pro. I've examined the untouched files and it's the pro version, no doubt about it. Someone told me these kind of guys uses "cracking" tools and it is of course very possible that this is people just using premade cracking tools to "crack" apps, not even knowing what these tools adds to the apps. I've tried to find out but the added code cannot be reverse engineered with the tools I've tried.

I also want comment the phrase "Nice try from the developer". The reason I started to google for my app in the first place was because sales suddenly doubled overnight and it stayed higher than normal for 4-5 days after the "cracked" version appeared on the net. It has happend once again just a week or two ago and the same thing happened then and I can still see the positive effects in my sales numbers. I wouldn't even have made the post if it had not been for the fact that the app was modified and resigned and I wanted to make people aware of the risks.

I can only speculate on why the sales increases when this happens but these pirate app releases replicates on a lot of sites, blogs and forums quickly and they even seem to run it through Google translate making it available in several languages. They "spread the word" and I suppose a lot of people actually uses their brains.

My last comment is about the line "You can trust Market Militia and red-colored users. Promised." And the answer to that "OK thanks I was a little bit worried". I'm not saying these guys are all bad and totally untrustworthy people but I wouldn't take an anonymous persons word for it, especially when the reasons he/she put forward for the modifications and resigning are false.

No wonder people get scammed on the net.

The useless PIN code "security" in Google Play Store

Now if you are in the same situation as me and have equipped your kids with Android devices then Google Play Store (a.k.a. Market) provides some "User Controls" options. You can setup content filtering and protect the settings with a PIN code. You can also choose that the PIN code must be used to be able to purchase apps. Very useful because after all it is your credit card that is tied to Google Checkout because they are kids and kids do not have credit cards, at least not where I live.

To be able to change the settings you've setup you need to push "Unlock settings"...

... and enter the PIN code that only you know.

All good so far. This is secure, right? In December last year I started to wonder just what would happen if I cleared the data for Market (it wasn't renamed to Google Play back then) and I gave it a try. Well what happened is that on the next start of Market it started up fresh as expected but what I did not expect was that also the "User Controls" options, including the PIN code, was reset.

So I decided to try to report this bug to Google and found that someone allready had done so and I added my comments to the bug report and starred the issue.

Now 4 and a half month later with several new versions of Market and later renamed to Google Play Store the bug is still present. I just tried with Google Play Store 3.5.16 and all you need to do is push a button...

...and all the protection is gone.

And no, this does not require a rooted device.

If you, like me, think that this bug needs to be fixed then "star" this issue in order to bring Googles attention to it: http://code.google.com/p/android/issues/detail?id=20702

How to save three dollars and at the same time compromise the security of your phone/tablet

I just google on the name of one of my apps and stumbled upon a "cracked" version of External Keyboard Helper Pro version 2.4. I downloaded the copy examined the contents, and yes, it looks like it's my app so I checked the signature and notices that it signed by someone else.

So I start to wonder, why resign an app that isn't protected in the first place? So I compare it against my current version (2.5) and notice that the first of all classed.dex is dated last Sunday, long after the release of version 2.4 but before the release of 2.5. Also classed.dex in the "cracked" version is almost 30kb larger than classed.dex in the real 2.5 version. Believe when I say that there is more code in version 2.5 than in version 2.4 so something has been added.

Personally, if someone cannot afford $3 and copy the app from a friend, I really could not care less. But when someone takes my app, add 30kb (probably even more because the real 2.4 should be smaller than 2.5) of unknown code, and put it up for download, then I do care.

This is an INPUT METHOD people!! That means whatever code they put in there can record EVERYTHING you write on your keyboard.

Now, some of you say "He's just making that up to scare us from using pirated versions of his apps". Well, just download the demo version of 2.5 from SlideMe.org (they allow you to download the .apk directly to your PC) here: http://slideme.org/application/external-keyboard-helper-demo

Open the apk with your favorite unzip application and do the same with the pirated version of 2.4 that is floating around (I'm NOT going to post a link).

First of all, notice in the pirated version how the date of classes.dex (this is the executable) has a more recent date the rest of the files. Then compare the file size with the demo version of the real app.

I'd bet that you'll find the same thing with most of the "cracked" apps on those sites.

If you still do not believe me, well... then you're on your own...