这里有一个最近的骗局通过Android市场犯下的一个很好的报告。

There's a good report here of a recent scam perpetrated through the Android market.

http://www.theregister.co.uk/2011/12 / 12 / android_market_​​malware /

有人复制了一些流行的游戏的apk文件从一个根的电话，反编译他们smali，增加code，使他们使用昂贵的premium短信服务，用他自己的密钥重新签了字，并把他们早在Android市场。在10K用户下载他们在24小时前谷歌启动从市场上的应用程序。

Someone copied some popular game .apk files off a rooted phone, decompiled them with smali, added code to make them use an expensive premium SMS service, re-signed them with his own key, and put them back in the Android market. Over 10K users downloaded them in the 24 hours before Google booted the apps from the market.

如何应用程序开发人员防止他们的工作被窃取，修改和remarketed这样？我想你可以匹配你的应用程序的MD5哈希值，因为当你发货了问题（可能与保存在谷歌电子市场你的应用程序，或在您的一台服务器）是，与应用程序的MD5哈希因为它是现在。但是，我们没有工具用于检查的apk文件的MD5哈希，和基础文件是不可见的应用软件。

How can app developers protect against their work being stolen, modified, and remarketed in this way? I suppose you could match the MD5 hash of your app as it was when you shipped it (perhaps kept with your app in the google market, or on one of your servers), with the MD5 hash of the app as it is now. But we don't have tools for checking the MD5 hash of an .apk file, and the underlying files are not visible to app software.

确保你运行一个应用程序的身份完整性，无疑是一个解决问题。什么是最好的做法是什么？

Ensuring identity integrity of an app you run, surely, is a solved problem. What is the best practice?

推荐答案

这种黑帽的做法是不可能避免的。无论你发现，一个幸运的，巧妙的，有耐心的黑客将撤销它。

This kind of black hat practice are impossible to avoid. Whatever you find, a lucky, ingenious, patient hacker will undo it.

您仍然可以希望努力足以令它更难大多数黑客可以轻松地打破你的保护。这就是人们通常称的IT安全BTW：）

You can nevertheless hope to work hard enough to make it harder for most hackers to easily break your protections. That's what people often call IT security btw :)

字段，调查是：