Piracy is a major issue for Android, and even more so for Android developers, which is why Jelly Bean introduced App Encryption. But this may be a case of the cure being worse than the disease: hundreds of developers of paid apps have chimed in on a Google Code thread, claiming that the encryption (or more accurately, the location of installed and encrypted apps from the Google Play Store) makes their apps entirely unusable, as account information and other stored data is removed after a device reboot. As a result, Google has apparently disabled the security feature for the Play Store on Jelly Bean devices.

The issue stemmed from where Jelly Bean installed paid apps. When users downloaded a paid app, it was installed to an encrypted folder at /mnt/asec instead of the normal /data/app folder. The purpose of this was to create a per-device encryption key, so that the relatively easy piracy seen on earlier versions of Android would no longer work. Unfortunately, some or all apps that register with the Android Account Manager (basically anything that relies on a secure and readily accessible credential) had their stored information wiped after a device reboot. Paid widgets and themes were also reset upon reboot.


The precise source of the bug hasn't been nailed down, though many developers seem to think that the Account Manager simply isn't equipped to deal with the new app location, and that cached information was being inadvertently wiped before the device turned off. Before Google disabled the encryption feature in the Jelly Bean version of the Play Store, developers found a workaround by using secondary authentication apps, or by simply instructing their users to download apps from the Amazon Appstore or other alternatives. This method essentially side-loaded the paid apps, which put them back in the /data/app directory. The issue has not affected any devices below Android version 4.1.1.

While the issue has been resolved after a fashion, the affected developers are feeling a sizeable communication rift between the Android community and Google. According to the thread, Google had been aware of the issue with encrypted apps since at least mid-July, well before the Jelly Bean update was sent out to Nexus S owners. A handful of issue reports have been merged into the issue page on Google Code, and it's still marked as a medium-priority problem slated for repair in a future release of Android. That's little comfort to developers who want both a modicum of piracy protection in the Play Store and functioning apps.

Google Code Issue 34880

Google Code Issue 35962

[Via H-Online - Thanks, Paul!]