I am an Android theme designer and I publish my theme apks on Google Play.
I'm finding a lot of users are basically just stealing my themes. These themes do not allow support for license checking. Many users are simply installing the theme, then making a copy and refunding and then simply reinstalling the copied apk.
This is a huge issue and what I'm wondering is if anyone knows a way to add code to ie: the manifest that would prevent the apk from being installed from unknown sources? It would be great to have it where it attempts to reinstall and then just fails.
Of course this will not 100% stop the thefts because they can likely adb push the app or decompile and remove the code but it will certainly stop a lot of it I believe. Before you just had to worry for the most part about users with root to access the data partition.
Now there are several non root required file apps that can copy apks from data which allows easy access for theft.
Google Play has a licensing service that checks to make sure the user actually did pay for the app on Google Play, called App Licensing. The Google Play Licensing service is primarily intended for paid applications that wish to verify that the current user did in fact pay for the application on Google Play. Here is the documentation on how to implement it into your app; https://developer.android.com/google/play/licensing/index.html
Related
I published many versions so far. And, the users should use the most recent app. However, apkpure shows all the app list that I released.
How come this website take all the apk or abb? I don't want the website takes my applications and block the users in the app. Is there any way to do that?
Actually it's possible to do, using one of the Android features like app bundles. This could help you to verify non Google Play installation. Or even create behavior to crash/exit in such cases.
The whole idea of the approach, it's separation application features to different bundles which could installed be installed within Google play package manager. So you can check it's documentation.
Lots of android users can not access play store when removing the google restrictions, because they want apk file for install. Third party websites publish for that kind users, As well as some desktop users want APk file specially GAME APPs. I think they not Change original APK file.
Is it possible for an android application to act as a custom market place?
The imagined behavior of the app:
Download XYZ app from the built in Google Play Store
Opening XYZ app yields a UI similar to that seen in the Play Store
The user can navigate through XYZ app and select a custom app supported by XYZ to install on their phone
This custom app would not be located on the Play Store and the .apk would be directly installed from the context of the XYZ app/marketplace to the users phone
I did some research and found alternative Android App Stores such as:
Amazon App Store for Android
GetJar
SLideMe
F-Droid
But is it possible to have an alternative marketplace like this that can be accessed from an app that was downloaded from the Google Play Store? Does google allow this type of practice?
So I suppose the heart of my questions is: Is it possible to create an android application that has permissions to install other 3rd party applications directly to a users phone? (without needing to leverage the Play Store or needing to jailbreak the phone)
Thanks in advance for the answers and insights! And please let me know if anything I'm saying doesn't make sense.
(Extra Credit: I would also be curious to learn about the feasibility of doing this with an iOS app as well)
To add to the other answers, you will have problems with some of Google Play's rules. AFAIK they don't allow your app to direct users to a different store. So you won't be able to keep your app on Google Play store in that case.
EDIT
It is not in the Terms and Conditions, as confirmed by #Cumulo Nimbus.
It is in clause 4.5 of the Developer Distribution Agreement:
4.5 Non-Compete. You may not use the Market to distribute or make available any Product whose primary purpose is to facilitate the
distribution of software applications and games for use on Android
devices outside of the Market.
My interpretation of the above was, and still is, that we can't point people to a different app store.
Kudos to #zmarties for pointing me at the Developer Program Policy which links out to the Developer Distribution Agreement. I knew I'd seen this somewhere...
In terms of iOS, Apple does not allow different app stores unless you jailbreak (iOS-speak for rooting) your phone. They are not as open minded as the Google.
Android apps don't need to be rooted in order to install third party apk's. The use just needs to allow this in their settings. The apps you have listed simply instruct their users to enable this setting.
The best example of a third-party "free as in freedom" app store would be F-Droid
Technically it's possible.
The current Developer Program Policy does not seem to prohibit it either - all they have to say on the matter relates to installing "dangerous products" from outside the play store:
Dangerous Products: We don't allow content that harms, interferes with the operation of, or accesses in an unauthorized manner, networks, servers, or other infrastructure.
Malicious scripts and password phishing scams are also prohibited on Google Play, as are apps that cause users to unknowingly download or install apps from sources outside of Google Play.
Having said that, I can't quickly see any alternative apps stores that are themselves in the Play Store.
I am publishing an app on Google Play. When the user downloads the app, the apk file is stored in external memory and people misuse the apk file.
How can I hide the apk at install time?
You can't exactly hide the apk file from users. You can force it to be installed on the internal memory instead of external, but I don't think that's going to help you. To do that, just make sure you don't use the installLocation attribute in the manifest.
From the docs:
If you do not declare this attribute, your application will be installed on the internal storage only and it cannot be moved to the external storage
Note that this does not mean your apk is "safe" either way. Any rooted user can still access the file no matter where it is. The only way to prevent people from accessing it is to not distribute it.
Google's App Licensing is probably what you're after. Have a read here: http://developer.android.com/google/play/licensing/index.html
Specifically,
Note: The Google Play Licensing service is primarily intended for paid applications that wish to verify that the current user did in fact pay for the application on Google Play. However, any application (including free apps) may use the licensing service to initiate the download of an APK expansion file.
Although you try to hide and apk there is lots of apps in android to extract apk from the app.
I realize that this is sort of a broad and perhaps vague question, but I'm looking for some common strategies for self-updating an app in android (not via Google Play, but directly from the application itself). Perhaps I could embed the actual app's APK within another APK which does the updating, but then (1) could the updater even modify itself while it's running and (2) more generally, how might one prevent another (supposedly malicious) app from modifying the updater? Any tips, links, or thoughts on the matter would be greatly appreciated!
I'm looking for some common strategies for self-updating an app in android
There is really only one strategy that I can think of:
Step #1: Determine that an update is available (e.g., monitor some URL for latest-version info)
Step #2: Download the update
Step #3: Kick off the install using ACTION_VIEW or ACTION_INSTALL_PACKAGE (latter available on API Level 14+), at some point when the user requests it, since the user will need to approve the update
could the updater even modify itself while it's running
The app being updated will have its process stopped during the update.
how might one prevent another (supposedly malicious) app from modifying the updater?
The update has to be signed by the same signing key as signed the original version, no different than via distribution through the Play Store. Hence, protect your signing key with your life (or perhaps with somebody else's life, if there's anyone around wearing a red shirt).
One thing to be aware of is that Google doesn't like this sort of behavior at all. Google bans self-updating Android apps...
Google has now changed the Google Play store polices in an apparent
attempt to avoid Facebook-like end runs around store-delivered
updates. Under the "Dangerous Products" section of the Google Play
developer policies, Google now states that "[a]n app downloaded from
Google Play may not modify, replace or update its own APK binary code
using any method other than Google Play's update mechanism." A
Droid-Life article says the language update occurred Thursday. APK
(standing for application package file) is the file format used to
install applications on Android.
I'm not sure if your app is or will ever be on Google Play, but if so I'd advise against doing this, as it could jeopardize your developer account.
I have already published android app on Google Play. It is desired to distribute the application even offline as .apk file directly. My app is completely free and we wish it should spread to as many people.
I am not sure what could be advantages and disadvantages of providing .apk file?
Questions are :
Will Google play count direct .apk installation as a download, when connected to internet ?
Will users with direct .apk installation get any update published later ?
To answer your questions:
Yes, you will get a download prompt if you click on an .apk in Android. When you go to open the completed download, it will offer it up for install (see caveats below)
If you offer your .apk up for direct download outside of Google Play you get no "update checking" -- you have to do that yourself. Not entirely sure what happens if the .apk is available in the play store and via direct download.
It is easier to talk about the disadvantages for the approach of distributing the .apk yourself.
You have to do all the tracking yourself, if you publish to the play store you get some statistics
Similarly, you have to do all "update checking" on your own (either via writing it in your app or some other way.)
No secure way of distributing your application. The built in Android browser does not support downloads over HTTPS streams that require authentication **
Easier for users to get the source code of your app. They can download the .apk from your site, open it in 7zip (or similar) and have at the underlying class files. Whether or not this is a concern is really for you to decide.
The most important reason
Your users will have to check "Allow installation of packages from unknown sources". Your average person might not know how to do this, and may be hesitant to do so. So, it may limit your ability to gain a a wide market share.
So, in summary, ask yourself if not being in Google Play/Android Market is really worth the hassle that comes for both you and your users.
** Not sure if this is true with Chrome on Android -- it is certainly true with the older default browser
Google play collects statistics of Apps only installed through Play Store , with a Google account logged in. Read Documentation on App statistics.
Newer version of Play Store app can auto detect if any of installed app is also available on play store, and will notify for the update.
Also, there are numerous third party app markets other than Play Store. You can upload your app there too (auto update is not available with all of them).
Seems no, correct me if I am wrong :)
Yes, provided that the package name is the same and the version code of the apk file you've uploaded to google play is larger than the one installed in the device.