The 01 September 2010 Android Developers' Blog discusses Securing Android LVL Applications. In order to make an app tamper-resistant, it describes the following technique:

> In order for an attacker to remove the LVL from your code, they have to modify your code. Unless done precisely, this can be detected by your code. There are a few approaches you can use here.
>
> The most obvious mechanism is to use a lightweight hash function, such as CRC32, and build a hash of your application’s code. You can then compare this checksum with a known good value. You can find the path of your application’s files by calling context.GetApplicationInfo() — just be sure not to compute a checksum of the file that contains your checksum! (Consider storing this information on a third-party server.)

What does this mean? Which file(s) is it that is supposed to be put into the hash function? And how would you compare the hash with the checksum (because surely if you then added a checksum comparison check to your source code and rebuilt it, you'd get a different checksum)?

Am I correct in thinking that this method is ONLY of any use if your app is able to get the checksum from a separate server?

Simon Hutton
  • Have you looked [at the documentation](https://developer.android.com/google/play/licensing/index.html)? – Zoe Apr 12 '17 at 14:11
  • I've read the LVL documentation to which you refer, yes. But that doesn't address the question I'm asking. Have you read the blog? – Simon Hutton Apr 12 '17 at 18:44
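
An added example, not part of the question or of the blog post it quotes: a Python model of the technique the blog describes, in which the build hashes the finished code file and stores the CRC32 in a different file, so compiling the check into the code does not change the value being compared. The entry name `assets/expected_crc.txt`, the helper names and the sample bytes are assumptions constructed for illustration; on a device the package path would come from the application info the blog mentions.

```python
import io
import zipfile
import zlib

CODE_ENTRY = "classes.dex"  # compiled code: the file that gets hashed
EXPECTED_ENTRY = "assets/expected_crc.txt"  # hypothetical name, outside the code


def crc_hex(data):
    """CRC32 of data as 8 lowercase hex digits."""
    return f"{zlib.crc32(data) & 0xFFFFFFFF:08x}"


def build_package(dex_bytes):
    """Build step: hash the finished code, then store the value in another entry."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr(CODE_ENTRY, dex_bytes)
        z.writestr(EXPECTED_ENTRY, crc_hex(dex_bytes))
    return buf.getvalue()


def code_is_untampered(package, expected_hex=None):
    """Runtime check; expected_hex models a server-held value, else use the bundled one."""
    with zipfile.ZipFile(io.BytesIO(package)) as z:
        actual = crc_hex(z.read(CODE_ENTRY))
        if expected_hex is None:
            expected_hex = z.read(EXPECTED_ENTRY).decode("ascii")
    return actual == expected_hex.strip().lower()


def replace_code(package, new_dex):
    """Model a modified package: code entry swapped, other entries kept as shipped."""
    out = io.BytesIO()
    with zipfile.ZipFile(io.BytesIO(package)) as src, zipfile.ZipFile(out, "w") as dst:
        for name in src.namelist():
            dst.writestr(name, new_dex if name == CODE_ENTRY else src.read(name))
    return out.getvalue()


# Constructed sample bytes standing in for real compiled code.
ORIGINAL_DEX = b"dex\n035\x00" + b"constructed sample: licence check present"
MODIFIED_DEX = b"dex\n035\x00" + b"constructed sample: licence check removed"

if __name__ == "__main__":
    shipped = build_package(ORIGINAL_DEX)
    print(code_is_untampered(shipped))
    print(code_is_untampered(replace_code(shipped, MODIFIED_DEX)))
```

Passing a server-held value as `expected_hex` also covers a package whose bundled value was regenerated together with the code, which is the case the blog's suggestion of a third-party server addresses.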

0 Answers