In certain countrie(s) which will go unnamed.... it is very very
easy to hack Java programs on cellphones... very easy. If
anyone who works on cell phones in those countrie(s) is listening,
I beg you to fix the problem before its too late. Because it can
be done by accident even if you're not a hacker!
In Japan there is a little too much security, and the benefits of
stealing an i-appli are not that much. Its hard enough to get
users legally..... there would be no profit in stealing an i-appli!
And if your competition stole your i-appli.... everyone would know
if they tried to make money off of it.
On JPhone it would be near impossible to hack and reuse an appli
on JPhone because JPhone itself checks!!
And yes decompiling is easy anywhere.
On most of the platforms I know (The Japanese ones),
the developers even have a hard time getting the various
types of "jar" files onto the phones and downloadable
by clients so that it is difficult to get the java from off of
the phone.
On the other hand, if security is poor jars can be downloaded
off of the server...but this can be easily remedied. We all know how.
But of course if I was a hacker I would think up some way to get
to that jar file anyways....
But the code for i-applis is so compressed to run on mobile phones,
that even the creators often have trouble figuring out what is going on,
so you would really need to be a determined hacker to understand
a mobile application's java code even without obscufating it!!!
(Of course if everything is server side as was mentioned, the cell phone
java code
can be made easy to understand .... but what about those packet charges??).
(But on the other hand almost every cellphone application has some sort
of server component which would be hard and often impossible to replicate. I'm
not to go into details so as to help prevent hackers from exploiting this)
(Thirdly, some of us ARE able to code useful things into cellphone java
applications
that are very useful without server side code (in some cases) BUT the client
always wants that
extra special feature(s) which force us to add in some server side code in
some form or other resulting in server side code even when it originally
wasn't necessary).
Obsfucation has its benefits for HUGE java programs so that the
class names and method names are all silly names (as well as constants
and private methods and public methods)..... so that even the creator
of a program has no clue what the obsfuctaed version does without
some good thought. Golly.... even with everything with the proper names,
and that done well a program can be difficult to read if its a big program.
But that's not mobile java. : <
I like JShrink myself for compression and obsfucating. It does some
really
wacky ways of making things hard to read.... like using things "like" int and
String for method names and so on. And its not too expensive! But then
again I don't do any mobile java (well never a whole appli.... just bits and
blobs
and squeeks).
--
-Paul Lester
pbl1@cornell.edu
Received on Tue Sep 2 03:26:52 2003