Stellar Startups: Reining in those rascally hackers

Using novel patented algorithms, the SPGuard software prevents applications from working unless the user has a valid license, says Rascal Software CEO Noam Pa’il.

Noam Pa'il 311 (photo credit: Courtesy)
Noam Pa'il 311
(photo credit: Courtesy)
In the great showdown between the iPhone and Android smartphone devices, each side brings to the table its strengths – and weaknesses.
In the case of Android devices, though, the platform’s greatest strength – the freedom programmers and users have in getting the phone to do whatever it is capable of, without having to follow arcane rules on programming or usage imposed by Apple – leaves Android programmers at great risk of having their apps, or even their intellectual property, stolen.
When the “garden is walled” and there are lots of rules to follow, like in the iTunes store, it’s much more difficult to steal and install software you didn’t pay for. But when you have an open system like Android that anyone can program – and hack – the chances are high that users will be able to find, download, and install “free” (i.e. stolen), hacked copies of your app for their devices.
How high? “About 75%,” says Noam Pa’il, CEO of Israeli startup Rascal Software (
“According to numerous studies, three out of four Android users do not pay for apps that they are supposed to pay for. Programmers have to eat, but many are realizing that, at least under current conditions, they have no chance of earning a living writing Android apps.”
As a result, Pa’il says, Android users are already losing out on the best apps. “Usually an app maker will write their program for iPhones and port them over to Android, but we are seeing more resistance to that now.” App makers know they are likely to get paid for the programs that are downloaded from the iTunes Store – after all, Apple puts a lot of roadblocks in the way of users who want to ‘jailbreak’ their devices, and most don’t – but they are much more doubtful about getting paid for their Android apps. “As a result, programmers are increasingly releasing watered-down version of their apps for Android devices, because they don’t want to give their work away for free,” says Pa’il.
A large part of the problem, says Pa’il, stems from the “free” philosophy of Google, makers of the Android platform.
“Google is a big advocate of open-source applications and platforms, and Android matches that philosophy perfectly,” he says.
“But when anyone can write or hack anything they want, it’s very difficult to put in restrictions.”
Besides its belief in open-source, Google designed Android as an open platform to bring in the largest number of users in the shortest time possible, encouraging manufacturers to adopt it as an operating system for their devices, and encouraging users to seek out Android phones as a liberating alternative to the strictures of the iPhone, where app writers must follow strict programming rules.
“And it’s working,” says Pa’il. “Every day 200,000 new Android devices are sold.” If that sounds like a lot – it is. According to Gartner, worldwide downloads of mobile application from online stores are expected to surpass $21 billion by 2013, and app. store revenues from purchases and advertising are projected to top $29 billion by that time. But, as programmers are beginning to realize, what’s good for Google and Android users isn’t necessarily good for them, if they plan on earning a profit on their investment of time and talent in writing good apps.
RASCAL IS HERE to help, says Pa’il, with a technology that will encourage users to pay for apps, while allowing Google to keep things as open-source as it wants. “Using novel patented algorithms, we remove small bits of the runtime application code (not the source code, Pa’il stresses) so that the app just doesn’t work if the user does not have a valid license that was issued to him or her. Our SPGuard product ensures that only authorized users can utilize their legitimate application.” A different piece of runtime code is removed each time, so it would be virtually impossible for hackers to figure out a system to beat the protection. “They would have to rehack the app each time,” Pa’il says. “Under such circumstances you might as well pay the dollar or two that the app costs.”
SPGuard is an excellent solution for programmers, says Pa’il, because there is nothing new for them to learn. “We supply the system in the form of a plug-in which operates outside the context of the source code. All a programmer has to do is insert our plug-in into their app, and that’s it.” SPGuard does not interfere or interact with the Android system either, so there’s no “compromising” of the open-source nature of Android – and no reason for Google to get upset over Pa’il’s efforts to ensure that programmers don’t give away their work for free.
The system is in advanced development stage, and is being tested in real-world situations with partners and app companies (some very large ones who sought him out, says Pa’il, a veteran of the IT security and communications industry), and will be on the market within the year. Currently, Rascal operates as a part of the Granot Ventures Incubator.
Pa’il isn’t aware of any other companies that are working on security systems for Android programmers – which is surprising, given the depth and extent of the problem. “But this is a brand new industry,” says Pa’il, so solutions to problems like these will take time.
Interestingly, Google itself has tried to deal with the problem, implementing the Android Licensing Verification Library (LVL) last year, which was supposed to ensure that users paid for apps as they were supposed to. But the protection was relatively simple – and so was the hack that outmoded LVL almost as soon as Google implemented it. “For whatever reason, Google hasn’t been as aggressive with hackers as it could have been, but the need hasn’t gone away,” says Pa’il. “Hopefully our system will convince Android app writers that they can make money on their favorite platform.”