we posted the program on the google play market. Now you need to almost completely change the design and add a lot of new functionality. The question is, if we write this program again (cleanly), keeping the package name and signing it with the same key, will Google accept it when we update, or do we need to edit this version and rewrite it? There are so many changes that it is easier to rewrite everything, including the logic.
Yes google will accept it, google does not care about logic or functionality.
You have to make sure that you respect the Developpers Policies and also you have to republish the application with the same account that you used the first time otherwise there will be a conflict of package names
Related
I realize that this is sort of a broad and perhaps vague question, but I'm looking for some common strategies for self-updating an app in android (not via Google Play, but directly from the application itself). Perhaps I could embed the actual app's APK within another APK which does the updating, but then (1) could the updater even modify itself while it's running and (2) more generally, how might one prevent another (supposedly malicious) app from modifying the updater? Any tips, links, or thoughts on the matter would be greatly appreciated!
I'm looking for some common strategies for self-updating an app in android
There is really only one strategy that I can think of:
Step #1: Determine that an update is available (e.g., monitor some URL for latest-version info)
Step #2: Download the update
Step #3: Kick off the install using ACTION_VIEW or ACTION_INSTALL_PACKAGE (latter available on API Level 14+), at some point when the user requests it, since the user will need to approve the update
could the updater even modify itself while it's running
The app being updated will have its process stopped during the update.
how might one prevent another (supposedly malicious) app from modifying the updater?
The update has to be signed by the same signing key as signed the original version, no different than via distribution through the Play Store. Hence, protect your signing key with your life (or perhaps with somebody else's life, if there's anyone around wearing a red shirt).
One thing to be aware of is that Google doesn't like this sort of behavior at all. Google bans self-updating Android apps...
Google has now changed the Google Play store polices in an apparent
attempt to avoid Facebook-like end runs around store-delivered
updates. Under the "Dangerous Products" section of the Google Play
developer policies, Google now states that "[a]n app downloaded from
Google Play may not modify, replace or update its own APK binary code
using any method other than Google Play's update mechanism." A
Droid-Life article says the language update occurred Thursday. APK
(standing for application package file) is the file format used to
install applications on Android.
I'm not sure if your app is or will ever be on Google Play, but if so I'd advise against doing this, as it could jeopardize your developer account.
Is it legal to update an Android app on the Play store with a totally different app under the same package name?
Is it considered against the policies since I am updating the app USING THE SAME PACKAGE NAME with a totally different app?
Is it legal to update an Android app on the Play store with a totally different app under the same package name?
well, there's no such definition "different app".
as long as you are using the same keystore (as #SplatFace Development said) it considers from Google play point of view the same app by definition.
you can change whatever you'd like.
it's legal for sure, and there's no any security problem with that because the user anyway would have to accept again the new app permissions if they changed at all...
and as I mentioned in the comment -
I almost sure google did it with thier own apps when Google Talk replaced with Hangouts.
I don't see why it wouldn't be legal. If they are both your creations, you should be alright. It's basically changing the source code with a normal update, only a lot of changes, and changing the name if you're going to change the name. If you are going to change the name though, that may be more of a problem. I wouldn't be sure. I never did that.
Two apps cannot have the same package name. Android will treat them as the same app, with all the consequences that implies.
I know this topic has been discussed many times here.
It's the first time i'm uploading an app to Google Play. The app is free. I read google's licensing support webpages but i'm really confused. From my understanding, licensing should be used for paid application in order to prevent copying the app from one device to another.
My app will be free. Do i need to implement licensing? I guess it will only help me to prevent app copying from one device to anoter ( which probably won't be the case beceuase it's free) but still, i may track the right number of downloads if i use it. Would this help me in a different way?
I read that when you upload the app there should be some checkbox to "Copy protect" your app. Is it still there and usable?
In the future i'm planning to add some paid modules to the app. Is it possbile to add licensing in an upcoming release version?
Many thanks,
Dan
Do i need to implement licensing?
No. Your app will work just fine without it. It's only there to prevent pirating your app and since it's free, that's not going to be a major problem.
Is "Copy protect" still there and usable?
As of 2012-12-13: Yes, it's a simple switch in the old layout.
Is it possbile to add licensing in an upcoming release version?
Yes, but bear in mind that itmeans users will see a new "right" that is required by your app and many users do not like that. So if you're planning on implementing it, I'd put the uses-permission in the Manifest now.
However, if you are using in-app payments, you might not need to implement app licensing at all, since the paid content will be verified by googles in-app system, which uses other APIs.
Oh, and make sure you properly obfuscate your code before your first release.
I've just finished making some updates for a company's Android app, only to realize that they no longer have the private key that was used to sign the original release that went to the Android Market. If I understand correctly, this means that these changes can't be released as an update to the original app. I think the best option is to pull the original app from the market (it doesn't have many downloads or reviews) and re-release the app signed with a new key. However, I'm worried that Android Market might not allow an app to be released which is practically identical to an app that has already been released (e.g. same name, same icon, mostly the same functionality, etc.).
Has anyone been in this situation before? Did google allow you to re-release as a separate app to the Android Market?
You are correct in that you will have to release this as a new application with a different package name. You will have to pull the other app from the Market as it will no longer be updateable and your users will have to redownload the new version of the app.
I don't see any reason why Google would have any issues with this, it's a known issue that some developers/companies can come across when they loose their signing key. Also, as far as I know, Google doesn't closely monitor incoming apps unless they are being flagged.
I've seen some apps that have 10 versions of the same app in the Market, just so that they can have more visibility, which is something that I think Google needs to look out for.
If you just forgot password.
https://code.google.com/archive/p/android-keystore-password-recover/
If you replaced the existing key file.
1.Rename your package name.
2.Generate new signed apk but this time keep copy of the key and never lose it if you want to update your existing app.
I had a similar thing happen, and we had to change the package name even after pulling the original application from the market. I assume this is to protect users from 'accidentally' downloading a malicious update to an application they already have.
As of about August of this year (2011), the Android market has had the capability of uploading multiple APK's for the same package name. You should be able to remove the original APK and substitute a new one with the same package name now using that mechanism.
I haven't tried it yet, but we were able to upload multiple copies of our different applications that targeted specific platforms and it worked like a charm.
I have an app on the Android Market, and recently I was made aware that another publisher had uploaded it under a different name, and was giving it away for free.
I've never uploaded an apk that wasn't signed correctly in the official Google manner. What I'd like to know is, is code signing intended to prevent this kind of thing happening?
Can someone remove the license and add their own? Is this easy to do?
They'd have to do more than just take your APK and upload it under their account. The namespace which you create is unique to your application. So, at a minimum they've reverse engineered some of your code.
As long as somebody is able to pull your apk off of their device and re-package it, nothing can really stop them from uploading it to the market on their own. Report it to Google and you may want to look into using the licensing service.
There is nothing preventing someone from doing this. All code signing does is ensure your application has not been modified from the version you published. i.e. a modified version cannot be installed on top of an unmodified version. If your app has simply been republished without modification, it is no different from your own version. Only the distribution source has changed.
You will need to implement some kind of licensing to prevent piracy. Android code signing is not like iOS code signing (where apps on the store as actually signed by Apple, not just you).