DroidForums.net is the original Verizon Android Forum! Registered Users do not see these ads. Please Register - It's Free!
Page 2 of 2 FirstFirst 12
Results 11 to 14 of 14

Thread: Market License - Easy Implementation to Protect Your Apps

  1. Droid
    alostpacket's Avatar
    Member #
    13135
    Join Date
    Dec 2009
    Posts
    68
    Liked
    1 times
    Phone
    Droid
    #11
    Quote Originally Posted by neubanks89 View Post
    Quote Originally Posted by alostpacket View Post
    Also it should be noted this is not a very secure way of using LVL. Google recommends you edit the classes themselves to obfuscate where the calls are made and how the responses are handled. basically changing some of the default values/constants and moving the functions around so it's harder to find where you make the license check.

    The system (as it's posted in tutorials) is circumvented by changing one easy-to-find switch statement in the decompiled bytecode.


    You then will additionally want to use something like proguard to further obfuscate.

    Finally the most secure method would be to then send the response you get from the market app to a server you control in an encrypted and signed format to process the validity of the response.

    This makes more sense if your app has assets it uses from the web.

    Thwarting pirates is no small task. The question becomes, how much do you want to put into it, and how much do you think you can convert those pirates into customers.
    from my experimenting with using LVL it is actually better not to use it at all for my sales. About 60% of my users are using unauthorized versions of my app, all having a much more secure version of the licensing that you see above and obfuscated with pro guard. When I used LVL my return rate was about 40% and without it dropped down to around 20% because the app performed faster and never gave the user a failed license check when it actually was valid (which happens too frequently and confuses users that just purchased the app). My piracy rate did not decline no matter what prevention I used so I figured it was better for my paying customers just to not worry with it.

    Thanks for this, I had been wondering myself as to whether to use it. I just got hit with my first pirate attack after having my first paid app out only a 3 weeks (my other app is free with a donate version so no pirates there). So I've been reading a lot about it lately.

    I think I'm leaning against using it for the same reasons you state and it's nice to hear opinions of those who have tried it. So thanks for your post

    It's hard though -- I have less that 35 purchases and these guys are stealing already. It's pretty hard to stomach as my hope is to pay the rent with app development.
    twitter: @alostpacket
  2. Droid
    alostpacket's Avatar
    Member #
    13135
    Join Date
    Dec 2009
    Posts
    68
    Liked
    1 times
    Phone
    Droid
    #12
    Quote Originally Posted by jeffv2 View Post
    I'm not saying I would do this, I'm just wondering if one could over come this by decompiling the dex file with smali and baksmali?
    I hope not..

    Sent from my Droid using Tapatalk

    Yes it's not infallible from what I understand. The idea is to make it so much of a pain as to not be worth the time.

    However, using those techniques combined with having your app contact a private server you control with encrypted and signed responses from the license api is supposed to be very difficult to overcome.

    This is especially the case if your app requires content from your server. This is because the server can refuse to serve content to the app if it detects problems. This is in contrast to having the content protection in the app itself where the user or a maclious hacker/pirate can modify it.

    The old adage in terms of this kind of security is "never trust the client" (ie the App) since it's not under your control.

    This is a seriously involved thing to program though. And a lot of effort for people who might not buy your software regardless. For me personally too, my PHP is so rusty I would need a tetanus shot just to get started coding anything server side.
    twitter: @alostpacket
  3. Developer
    jeffv2's Avatar
    Member #
    151962
    Join Date
    Dec 2010
    Location
    south jersey
    Posts
    1,241
    Liked
    3 times
    Phone
    galaxy nexus
    DroidForums.net Developer
    #13
    Quote Originally Posted by alostpacket View Post
    Quote Originally Posted by jeffv2 View Post
    I'm not saying I would do this, I'm just wondering if one could over come this by decompiling the dex file with smali and baksmali?
    I hope not..

    Sent from my Droid using Tapatalk

    Yes it's not infallible from what I understand. The idea is to make it so much of a pain as to not be worth the time.

    However, using those techniques combined with having your app contact a private server you control with encrypted and signed responses from the license api is supposed to be very difficult to overcome.

    This is especially the case if your app requires content from your server. This is because the server can refuse to serve content to the app if it detects problems. This is in contrast to having the content protection in the app itself where the user or a maclious hacker/pirate can modify it.

    The old adage in terms of this kind of security is "never trust the client" (ie the App) since it's not under your control.

    This is a seriously involved thing to program though. And a lot of effort for people who might not buy your software regardless. For me personally too, my PHP is so rusty I would need a tetanus shot just to get started coding anything server side.
    good hopefully at some point we can put an end to pirating apps.... but i doubt it
  4. Developer
    gflam's Avatar
    Member #
    77717
    Join Date
    Jun 2010
    Location
    Jersey
    Posts
    1,884
    Liked
    41 times
    Twitter
    @init2winitapps
    Phone
    Moto Droid/HTC Evo 3D
    DroidForums.net Developer
    DroidForums.net Theme Developer
    #14
    It was mentioned earlier that you could just work around this by starting another activity in terminal or even some launchers that can just launch different activities however i'm thinking that in my case at least my app uses a list view which is read from my server that if i were to implement this method in that activity then opening any other activity would be pointless since it wouldn't have my server files. Just a thought for anyone whos app that uses stuff from a server
Page 2 of 2 FirstFirst 12

Links

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

Similar Threads

  1. password protect separate apps
    By xious in forum Android Applications
    Replies: 25
    Last Post: 05-14-2012, 07:34 PM
  2. Easy Root Pulled from Market
    By bophead in forum Android Hacks and Help
    Replies: 23
    Last Post: 08-13-2010, 02:41 PM
  3. Easy root app on the market?
    By alonsou in forum Android Hacks and Help
    Replies: 2
    Last Post: 08-06-2010, 11:37 AM
  4. Password protect individual apps?
    By velocity92c in forum Android General Discussions
    Replies: 8
    Last Post: 05-15-2010, 08:16 PM
  5. Baseline H.264 Incorrect implementation
    By cchatterj in forum Android Tech Support
    Replies: 0
    Last Post: 01-07-2010, 01:01 PM

Search tags for this page

android licensing example
,

android licensing tutorial

,
com.android.vending. check license
,

com.android.vending.check license

,
copyright my android app
,
do you need to license your app android
,
example implementing youtube in my android app
,
license check activity android
,
licensecheckercallback example
,
this application is not licensed please purchase it from and
Click on a term to search our site for related topics.

Tags for this Thread

Find us on Google+