After a bit of thinking yesterday and playing around with the recent root access (thanks SplasPood for the idea!) - I got to thinking. This allows us to have access to the /data directory, so applications downloaded from the Android Market are NOT fully safe. Applications that developers release, I’d warn them to assume people can get at your dalvik-executable file (dex); this means you can’t hide behind the hardware and assume it will protect you, you should be attempting to write secure code… Though you should have been trying to do that before also!
As of this moment it would appear that either TEAM RESURRECTiON has their own method of dumping files, or they recreated the same method as SplasPood without releasing it. I’m not 100% sure as I have not been able to contact them for comment on this. The only reason I both mentioning this is judging by their release dates for some of their cracks and keygen. A few of them appear to be PRIOR to the release of the “how to root the G1” posts. It currently appears that they have cracked and keygenned all applications available on the market with the exception of IM+. Though, IM+ seems to be a big package in comparison to the other programs released as shareware or trials thus far. So maybe there are more unreleased ways to gain root, which RES might be using to dump the programs? Only they know I’m sure, though I’m not sure they would tell us what it is for fear of it being patched…
The recent gaining of root access, which gives you the ability to dump whole packages of files is kind of scary. When the Android Market matures some more, and people sell their programs, is Google going to provide some method of locking the program to the phone? Or will we be able to dump the program of the phone and install it on another if another root (assuming this one gets fixed, which is should) is found at that time. Or will developers have to rely on their own writing of registration methods for the purchasing of the program… Hmm… This should should be interesting!