08
Aug
2012-07-31_04h06_58

Piracy is a major issue for Android, and even more so for Android developers, which is why Jelly Bean introduced App Encryption. But this may be a case of the cure being worse than the disease: hundreds of developers of paid apps have chimed in on a Google Code thread, claiming that the encryption (or more accurately, the location of installed and encrypted apps from the Google Play Store) makes their apps entirely unusable, as account information and other stored data is removed after a device reboot. As a result, Google has apparently disabled the security feature for the Play Store on Jelly Bean devices.

The issue stemmed from the location of paid apps when using Jelly Bean. When users downloaded a paid app it was installed to an encrypted folder at /mnt/asec, instead of the normal /data/app folder. The purpose of this was to create a per-device encryption key, making the relatively easy piracy on earlier versions of Android obsolete. Unfortunately, some or all apps that register with the Android Account Manager (basically anything that relies on a secure and readily accessible credential) had their stored information wiped after a device reboot. Paid widgets and themes were also reset upon reboot.

asec

The precise source of the bug hasn't been nailed down, though many developers seem to think that the Account Manager simply isn't equipped to deal with the new app location, and that cached information was being inadvertently wiped before the device turned off. Before Google disabled the encryption feature in the Jelly Bean version of the Play Store, developers found a work-around using secondary authentication apps, or simply instructing their users to download apps from the Amazon Appstore or other alternatives. This method essentially side-loaded the paid apps, which put them back in the /data/app directory. The issue has not affected any devices below Android version 4.1.1.

While the issue has been resolved after a fashion, the developers affected are feeling a sizeable communication rift between the Android community and Google. According to the thread, Google was aware of the issue with encrypted apps since mid-July at least - well before the Jelly Bean update was sent out to Nexus S owners. A handful of issue reports have been merged into the issue page on Google Code, and it's still marked as a medium priority problem slated for repair in a future release of Android. That's little comfort to developers who want both a modicum of piracy protection in the Play Store and functioning apps. 

Google Code Issue 34880

Google Code Issue 35962

[Via H-Online - Thanks, Paul!]

Jeremiah Rice
Jeremiah is a US-based blogger who bought a Nexus One the day it came out and never looked back. In his spare time he watches Star Trek, cooks eggs, and completely fails to write novels.
  • http://www.kovdev.com/ koveleski

    As a theme developer, when this issue appeared out of nowhere it was extremely frustrating. The amount of extra hours placed into supporting users, as well as development time spent on workarounds, was definitely an unexpected burden.

    • http://www.androidpolice.com/ Artem Russakovskii

      My heart bleeds for all the devs who now have tons of support tickets and bad ratings because of this.

      • http://geniousatplay.blogspot.com/ Bikram Agarwal

        I'm a new dev, promoting my free and donate apps on android forum threads where users are mostly on JB . And my apps are obviously failing 'coz of this and getting a bad rep. :(

  • Danny Holyoake

    It's like they don't test anything at all.

    Sigh Google.

    • http://twitter.com/misterE33 Mr E

      That's what users are for ;)

    • krazyfrog

      If you read the post it says Google was aware of this issue.

      Sigh Google indeed.

  • http://twitter.com/LinkofHyrule89 Matthew

    They should just make this as optional so that developers with problems can turn it off but any one else that it works fine for can use it until it's fixed.

  • http://twitter.com/alcaron Paul Fulbright

    Welcome to the most obvious thing ever. DRM sucks and causes problems. Who could have ever seen this one coming...

    Seriously. The sooner people wake up and realize that people will always swipe things...the sooner they can get over it and go on to lead a happy life where they still make INSANE amounts of money for what isn't exactly a massive contribution to mankind.

    *ahem*angrybirds*ahem*

    • IceBeam

      Indeed. The ones harassed are those who pay. The hackers are just laughing.

    • http://www.facebook.com/profile.php?id=1745689461 Hal Motley

      DRM is only designed to prevent crude, casual copying in a n00bish way. Not to prevent l33t hack0rs from taking the material and copying it indefinitely.

      But I do agree that DRM sucks though! But hey at least it prevents the casual copying of stuff! :-)

      • jason

        It only takes one person to crack an apk and distribute. Most people pirating apps are probably not directly doing it themselves.

  • Charles Barnard

    And yet again Google, like many others fail to understand one of the key problems...If you do not live in North America, have a US address and credit card paid apps are not available! Thus piracy. All the DRM and other measures will just create problems for the customer who paid for their apps.
    This has been going on for years (decades) and I fail to see why the developers have not banded together to do something about it. I have money but can not by a particular app because of the country I reside in!
    Why don't they just sell Google Play cards

    • Erythnul

      This is not true any more. Paid apps have been available in over a hundred countries for quite some time now. All you need is a credit ard (pre-paid or regular). Some countries (read: some carriers) also support paying later, through your phone bill. Piracy (for this reason) is only a problem in China and other countries where Google has not yet been able to launch the Play Store.

      • Charles Barnard

        I have major credit cards but still get the "Sorry, purchases are not enabled in your country at this time"

      • asdasd

        still requires international credit cards on a shitload of countries. things are far from that smooth.

      • http://twitter.com/thoriqmm Thoriq Muthohari

        Not true. I live in Indonesia and my fully activated Mastercard does NOT work for the Play Store. Google Wallet keeps on saying it is declined or whatever. Works for everything else though.

        Added to the fact that credit cards aren't popular and likely will never be in developing countries. It's hard to see Google Play gaining critical mass if it becomes EASIER to PIRATE rather than buy the app legally. As I mentioned in previous threads; solution: enable phone credit to be used with Google Play, or at the very least make gift cards available.

        • http://www.facebook.com/troo.don.3 TrOo DOn

          Depends on what kind of Mastercard you own. There are "major" and "minor" credit cards (even department stores can issue credit cards). Most businesses only accept major credit cards, even in North America.

      • warcaster

        Yes, but most people still don't have Google Wallet accounts, and they don't bother making one to pay for a random app they find in the Play Store. They'd rather go with the free version. Apple had the advantage of having a ton of itunes accounts from the iPod era.

        Also, in China they don't even get the Play Store on many phones, and they pirate Android apps and sideload them as they are compatible with those forked Android versions.

    • http://www.facebook.com/profile.php?id=1745689461 Hal Motley

      I am in the United Kingdom with UK address, have a debit card and I purchase paid apps/games just fine. It's more Asia that has the is problem (China, Indonesia...).

      +1 to the Google Play card idea, I lived on iTunes cards for apps and games before I got a debit card.

  • IceBeam

    Plenty of stories showing piracy is bad on ios as well, don't be biased.

  • TinmanTinman

    i have stock jelly bean on my Gnex and only one app 'Ski Safari' has had problem launching so far and i am not sure it is failing because of this.

  • faceless128

    app devs cry for DRM, app devs cry when customers complain about DRM.

  • warcaster

    "Piracy is a major issue on Android"

    Ugh...so is on iOS and Windows. Stop making it sound like piracy is 10x greater on Android than on other platforms. It's not. At "best" it's slightly bigger than on iOS, and smaller than on Windows. You're not doing anyone a favor in the Android ecosystem by continuing to spread out this lie/misleading information.

    • http://twitter.com/ekdikeo Eric B

      Sounds plausible, but it's probably not the case. Having been involved directly with some paid Android softwares as well as knowing quite a few people in the gaming business, my experience is quite the opposite -- most that I know have decided that Android is a completely worthless platform, and therefore if they already have an Android product, they end up putting it out there for free with some kind of in-app purchase hoping they will eventually make something off of it, or they just cancel any ideas of doing Android things.

      Also being a multi-platform developer, I see basically similar things -- the Android market place for my apps doesn't even pay for the taxes on my iOS/webOS/Blackberry versions incomes. Although I don't currently have any direct analytics, my primary multiplatform app does hit a webserver every time a new upgrade is performed, and the last time I did a grep on the logs shortly after an update, I was looking at approximately 2,000 "users" who hit that page from Android devices, when there were only approximately 150 paid users at the time.

      Long story short -- the relatively few number of Android users who do pay for their apps are usually cheap.

      • Jacob

        No Eric... I'm a web developer, so I can't comment with statistics from a particular app. However, using logic and basic understanding of the market, there is no way that 80% or more of users pirate Android apps. Android is the most popular OS available now, and relatively few people have advanced knowledge enough to do reliable and frequent pirating. Most users will pay a few bucks rather than spend time researching pirated, possibly malicious apks. You can't stop people from pirating. Someone will break your DRM. Its impossible for an exploit not to exist - if a processor can read the app code, so can a hacker. But if you make a good product that is priced at market value 80% of your users will pay for it.

        • mike

          I am a software developer, I have a good $3 product, I sell it on itunes and google play. I have 40 sales per day on itunes and 3 sales per day on android. And lots of pirated free copies of my app around the web (impressive download counters!), impossible to take down.

          I am no longer interested in Android.

    • http://evildevnull.com/thinktank/index.php?action=collapse;c=14;sa=collapse;d227fb2388ec=9e8bb86861f0686e54bcbaae99929bbd#c14 George Leon

      The whole Jailbreak on iOS was primarily fueled by the desire to use pirated apps.

  • tBs_Battousai

    Is this still disabled or has it been turned back on yet?