How to Steal an Android Market App

Step Four – Getting a Refund

The Android Market Place allows a single refund within the first 24 hours of purchase. If you choose to purchase again after the first refund you will not be able to get a refund after the first one.

To get a refund you simply find your app in your list of downloads in the market app, then click on the “Uninstall and Refund” Button. This will uninstall the app from your device and issue you a refund.


Step Five – Reinstalling

Now with a file manager app, such as “Linda Manager” you can navigate to your /sdcard/backupapk folder.

Then you can tap on the installation package and reinstall the app/game.

And there you have it, your purchase refunded and the application reinstalled. You will of course not be able to update the app.

Disclaimer

This article was written with the intention of raising awareness revolving around some of the weak aspects of the android market place. I would love to see more developers come from other platforms such as iPhone/iPod developers migrating over to the android platform, given all the grief Apple has been giving developers on app approvals. However I feel that a lot of the smaller companies and freelance developer (as well as some larger names) are not comfortable with developing on the android platform for this reason. Any developer that had the chance to use a Android Dev Phone (usually already rooted) will soon discover the lack of protection.

Now people like myself know how important it is to support developers for their hard work (thus why the above example was not actually refunded, merely provided the screenshot to show it was possible). However like the digital music revolution some of the general population would copy software and content without clue of the damage being done. I would hope that such awareness would eventually lead the market place to enact at least a moderate level of protection against theft of this nature.

For example Jailbreaking an iPod/iPhone does not mean that you can immediately start downloading apps and copying them and so forth. On the contrary with Apple’s App Store, you cannot refund a purchase, and you simply can’t just make a backup of an already purchased ipa file and give it to a friend due to the DRM protection on the IPA file. You actually have to go a few extra steps just to get ‘cracked’ IPA apps to work and those steps are not provided by Cydia and other Jailbreaking utilities. Where as on the Android Platform, you need nothing more than a rooted phone and a terminal application, you don’t even have to search elsewhere for the application as you can just use the copy straight from the market.

Now I’m sure I’ll hear a lot of arguments about how this information is better off unmentioned. But in my 12 years in Information Technology, I’ve always felt that Security by Obscurity, is not Security at All. Use this information purely for awareness and educational purposes, and remember if you like an app or game, support the developer, even if its a free game I encourage you to either spread the word of their fine product or donate to their efforts.

4 comments

  1. Richard says:

    hey man, you are right, i just backed up a purchased app. and i will keep supporting the author, not going refund :)
    i think android market could use RSA tech to protect the apk leak.

  2. Jon says:

    wont work on droid x, says its readonly

  3. Chris says:

    Good news…
    “The Android Market is doing away with its current copy protection scheme for apps, because breaking protection to pirate the apps is a little bit too easy for the comfort of the developers who sell their software in the market.”
    http://www.downloadsquad.com/2010/07/28/android-market-apps-now-have-to-check-in-with-licensing-servers/

  4. kbeezie says:

    That is of course a better mechanism, but as the article mentioned, its not perfect as it would require to always have reception in order to verify with the licensing server (as opposed to simply having the inability to upgrade). But its a step forward, and its nice that google is at least providing such a service rather than having the developers supply their own licensing mechanism.