Google, back at Google I/O in June laid out plans for making security improvements, specifically to the app code in Jelly Bean. The improvements focussed on Jelly Bean 4.1 in particular, adding encryption with a device-specific key (improving Digital Rights Management), so apps downloaded from the Play Store could not simply be copied and uploaded to the Internet for others to manually install.
It seemed like this was going to be a major security improvement, that was until the new DRM feature appears to have stopped users from accessing legal Android 4.1 apps bought from the Google Play Store. The idea behind the DRM feature was it would stop app piracy and most importantly the proliferation of malicious apps. The app encryption feature would prevent illegal copies of paid apps by encrypting those apps which a user downloads, with a unique device-specific key. The Android device which downloads a specific app should be able to use the app and those others who copied the app manually wouldn’t be able to use the app. The idea was simple until that was, it was executed.
It appears that the root cause of users being unable to access legal Android 4.1 apps downloaded from the Google Play Store was associated to some start-up code which had been added to corrupt any malicious/illegal apps during the boot-up phase. A quick look at the ‘bug status’ (see link below) and it is marked as “Future Release” on the Google database. For now this encryption app protection has been silently disabled by Google.
If your paid apps are failing to run, then you should uninstall all the paid apps from your Android device and download them again via the Play Store. These paid apps would be installed in the encrypted memory of Android Jelly Bean 4.1. This bug has been around since July. Having attended Google I/O back in June, I wasn’t convinced Google was taking app and Android privacy seriously – this post clarifies that view hasn’t changed.
Safe surfing folks!
Bootnote: The app encryption mentioned above overrides the DRM protection if enabled on apps. The app protection is Android 4.1 specific rather than app specific.