Google disables Android Jelly Bean 4.1 app protection

Google, back at Google I/O in June laid out plans for making security improvements, specifically to the app code in Jelly Bean. The improvements focussed on Jelly Bean 4.1 in particular, adding encryption with a device-specific key (improving Digital Rights Management), so apps downloaded from the Play Store could not simply be copied and uploaded to the Internet for others to manually install.

It seemed like this was going to be a major security improvement, that was until the new DRM feature appears to have stopped users from accessing legal Android 4.1 apps bought from the Google Play Store. The idea behind the DRM feature was it would stop app piracy and most importantly the proliferation of malicious apps. The app encryption feature would prevent illegal copies of paid apps by encrypting those apps which a user downloads, with a unique device-specific key. The Android device which downloads a specific app should be able to use the app and those others who copied the app manually wouldn’t be able to use the app. The idea was simple until that was, it was executed.

It appears that the root cause of users being unable to access legal Android 4.1 apps downloaded from the Google Play Store was associated to some start-up code which had been added to corrupt any malicious/illegal apps during the boot-up phase. A quick look at the ‘bug status’ (see link below) and it is marked as “Future Release” on the Google database. For now this encryption app protection has been silently disabled by Google.

If your paid apps are failing to run, then you should uninstall all the paid apps from your Android device and download them again via the Play Store. These paid apps would be installed in the encrypted memory of Android Jelly Bean 4.1. This bug has been around since July.  Having attended Google I/O back in June, I wasn’t convinced Google was taking app and Android privacy seriously – this post clarifies that view hasn’t changed.

Safe surfing folks!

Bootnote: The app encryption mentioned above overrides the DRM protection if enabled on apps. The app protection is Android 4.1 specific rather than app specific.

This entry was posted in android, google, privacy and tagged , , , , . Bookmark the permalink.

3 Responses to Google disables Android Jelly Bean 4.1 app protection

  1. VirtualCed says:

    The workaround is used by Sygic GPS App.. The app is free on the Play Store, but you have to buy a license specific to your device to use it after the tria period of 7 days…
    You got then all the advantages of the shareware concept : a free trial period and a key that could not been shared…

  2. Pingback: Google disables Android Jelly Bean 4.1 app protection | News | Hackers about hacking techniques in our IT Security Magazine

Leave a Reply

Your email address will not be published. Required fields are marked *