Android App Copy Protection Mechanism with Semi-trusted Loader

In this paper, we propose an Android App copy protection mechanism with a semi-trusted loader. In the proposed mechanism, an Android App is composed of an APK (application package file) file and a JAR (Java archive) file. As a mobile device user wants to purchase an Android App from the market, he/she has to download the APK file from the market and installs the APK in his/her device. At the first execution time, the embedded semi-trusted loader will download the encrypted JAR file from the market, and the corresponding decryption key for the encrypted JAR file. Then, the semi-trusted loader decrypts the JAR file by using the decryption key, and further, executes the loading for all functionalities. After the loading, the semi-trusted loader will delete the decryption key and the JAR file, and then store the encrypted JAR file in the mobile device. After that, the semi-trusted loader only download the decryption key from the market as the mobile user wants to execute all functionalities of the App. We adopt the signature scheme to protect the embedded semi-trusted loader in our proposed mechanism. As the semi-trusted loader attempts to download the decryption key, the market verifies if the semi-trusted loader is modified by verifying the signature.