There's no universal answer to this question. You can only make it difficult, not impossible, for pirates.
Somebody could always use an emulator to masquerade as a phone and download your JAR. Once on a PC, they could hack away at any security you put in place.
Your best bet is to leverage some kind of partnership with a carrier. You need to make sure that your application is only being downloaded by a real handset. That means some type of challenge/response encryption system.
Alternatively, you can try embedded an on-line activation proceedure for your programs. When the MIDlet starts up it should send a serial number to your server that authorizes the program to run. If you get duplicate serial numbers, don't authorize the application. This is basically what Microsoft does now-a-days with their registration system.
It's still not bullet-proof by any means, but it's that much harder to crack.
You should also realize that most phones can not simply "forward" an application to another phone. In fact, I have yet to see any phone that can do that. Simply doing some basic checks to see if your program is being sent to a real phone is probably sufficient for most publishers.
William Frantz
http://sprintdevelopers.com [ February 07, 2005: Message edited by: William Frantz ]