I'm building an android app about something.
I want that my app cannot be copied.
in WINDOWS I can do like this:
get cpu id from this cmd line:
wmic cpu get processorid
encrypt this code and save it into database
every time software opened it will checks the cpu code and the code in database. so when software copied to another PC it will say:
encrypted code and your cpu code does not match.
I was searching for this command in android and OOPS, there isn't any thing that work 100%.
really I don't need to use only this way(get device ID and save it and..) and if you know another way to do this work(I want that my app cannot be copied) say that.
maybe it is good to say my idea that isn't completed:
create a form for buy this app with unique username in my site.
after a user bought this app it will be download for him.
every time that user want's to open the app it connect to server and see if user is available app will work for him and make his user unavailable for next time that it will be opened in another device (NOPE.I can't do this because it isn't a different between tow android device and I haven't a unique ID);else it can not be worked.
UPD1: can this
works?
You should generate your own uuid.
Google's blog post says IMEI, mac address, serial number, ANDROID_ID, all of them has a problem.
Use java.util.UUID instead.
String android_id = Secure.getString(this.getContentResolver(),Secure.ANDROID_ID);
Related
I would like to create a dashboard app/site running at my home(or maybe on my hosting plan online). But the dashboard would display private info like locations of all family members, etc. So I want to limit the site(or app) to only work on specific devices. Ideally my wife and my Android phones. I'm wondering if the Android app(or website) can check the device mac address and only work if the mac is in the white list? Any other options for doing this?
If you only need it to work for a small number of trusted users, which it sounds like is the case, you can simply generate a long, random string (too long to guess by brute force) and pass that in the URL to the site. The server could then refuse to render the page for any request that doesn't pass the correct string.
This doesn't scale particularly well to more users, as the key could be leaked and you can't revoke access for one specific device, but for just you and your wife, it should be more than sufficient.
I'm new to app dev...
I read somewhere in the doc: "...In most cases you want to use SharedPreferences as it is automatically backed up and migrated to new devices..."
On first install my app saves a few settings with SharedPreferences. It works great but if I uninstall the app or install it on another device the preference settings are lost.
How can I have these settings saved online within google somehow to be able to retrieve them if the user changes his phone or similar...
Could someone point me in the right direction ?
I read somewhere in the doc: "...In most cases you want to use SharedPreferences as it is automatically backed up and migrated to new devices..."
Your words "backed up and migrated to new devices" is nowhere written nor its true.
We use SharedPreferences in order to minimise the database operations, its like keeping variables handy.
On first install my app saves a few settings with SharedPreferences. It works great but if I uninstall the app or install it on another device the preference settings are lost.
If you wants to store or remember the device dependent settings, use device id / imei_id and store it on your web server mysql database
Even if user uninstalls app from the device and installs again anytime in future, make a call with async task to server by sending deviceid / imei_id and fetch its settings from mysql database and show it.
How can I have these settings saved online within google somehow to be
able to retrieve them if the user changes his phone or similar...
If user changes device, you can do nothing.
One way is, keep public device_id levels keys on server.
If user changes device and uses that key, then show him a response, this key is assigned to another device, but if you are the same, wait for our support
Call him, confirm he is the same old user with new device and delete his old entry from mysql and assign old key to the new device entry
Or use OTP SMS system to identify already existing customers with unique phone numbers
If OTP authentication code is correct then fetch settings for that user from the server, delete old mysql entry, modify new entry with old key and mobile number
This should be the your direction
Edit : 2 ##
I was hoping an easier solution exist but....
There is no short cuts for developers till the date, and it will be never.
Why, no short cuts / easy ways ?
Any device ( mobile, desktop / laptop / any AI device ) which is operated by a system software, is able to perform the tasks as per it is structured.
Ex : android is java based, obviously you can Make javascript based apps, but it is the extensions to the existing system, Android still has the base of Java virtual machine. ( Dalvic / Malvic like )
So, it is always better to use native java
Yes, Kotlin is best option now a days and better than hybrid approach
Every way has its own advantages, disadvantages
If you are developer, should go with native approach
Now your java code never knows, which version it is running on, so you have to, check android versions programming wise, and decide the flow for above Marshmallow & below marshmallow too, and it is explicitly done by developer by coding.
Ex, once user registers, he never shown please register again screen, it is not the magic, nor google, nor, java, nor android does anything, developer has decided, planned, architectured, designed, coded, tested that.
Even developers needs to take care of exceptions, you need to handle it in order to save your app from crashing.
In short developer is god, who creates his own universe, and everything is pre-planned and verified thats it.
You should use allowBackup = "true" in your manifest file. More details can be found here: AutoBackup
Following scenario:
I want to create an wifi hotspot on a public place (e.g. train station). Therefore i want to write an mobile application (iOS and/or Android) which works as a portal page. As I would be providing internet access via my wifi hotspot I need to make sure that people who want to log in verify their identity properly (responsibility). First I thought i could do something like a facebook login but I guess that would not be enough as people can create fake accounts.
Then I got the idea that I could maybe access their telephone number via their smartphones.
I googled alot and came to the conclusion that it is pretty tough on both platforms.
The iOS method seems to be deprecated and apps wont make it to the app store with that version. Android can read the phone number from the sim card, but not all providers store the number on the sim card.
Question
Is there any possibility to get the phone number? Or is there any other way to uniquely identify a person in a wifi network?
Of course I dont want to do any of that without asking for users permission etc...
Greetings and thanks in advance
Peter
Choosing the MAC address is a good choice, it is not the safest, but it is the more easy to do.
The IMEI is not always provided, and the SERIAL is not uniq.
But actually, I don't know how to do this with iOS.
What is about the MAC address of the phone? This should be unique enough and you can get is easily from android and from iOS.
Android: http://developer.android.com/reference/android/net/wifi/WifiInfo.html#getMacAddress%28%29
iOS: How can I programmatically get the MAC address of an iphone
Using IMEI number
Android Does provide functions/method to access device IMEI number
First Set <uses-permission android:name="android.permission.READ_PHONE_STATE" />
in android manifest
TelephonyManager tm = (TelephonyManager) getSystemService(Context.TELEPHONY_SERVICE);
// get IMEI
String imei = tm.getDeviceId();
Hope it helps
For NON CDMA or GSM devices like Tablet
Use
import android.provider.Settings.Secure;
private String android_id = Secure.getString(getContext().getContentResolver(),
Secure.ANDROID_ID);
This would generate a unique code for the device..how ever it would change on when user reset the device ie factory reset it .. and it works for device having os > 2.2(froyo)
This really depends on who you are trying to identify. That may seem like an odd response, but usually, we are trying to identify two, not one, sets of credential elements.
First, we want ot identify the device itself -- is this the deivce we expect to see and can we trust that this device has not been tampered with. Second, we usually want to know if the user of this device at the moment is one we expect to be using this, now validated, device. (If I take your phone, without step #2, I just became you.)
This is why we have things like 802.1x. It lets me validate the user of a network, not just the device. For your case, consider something like:
For device validation, the combination of hte MAC address and the IMEI. TUrn those into a unique hash with some data from the user. For example.
ID = SHA1(IMEI+MAC(Wifi)+user password)
Now that we're pretty sure the device and user are correct, if you need to, you can go one step further and use that hash a key to encrypt a user validation step in your app. Even if the user is correct, if they're on the wrong device, their key won't decrypt.
I have an app that sends user location data to the server using webview load html. Since the users are truck drivers I do not expect them to know to login using password and user name every time they use app , so my solution is to for each user to make an app with it's own user name and password embedded into the app using the id field sent to the php page .
`enter code here`url="http://mywebsite.php?id=16"+"&longitude="+longitude+"&latitude="+latitude+"&brzina="+speed+"&vreme="+cal.getTime()+"&datum="+date;
What I am changing in url is the id field sent to php page .
Is there a way for me to automate the creation of Android apps without compiling app every time I have to provide a new app to the driver .Let 's say I am given a list of drivers with their id numbers I put this some were and I get for 15 drivers 15 android apps all with the different id part in url .
Do you need to know the ID before they connect for the first time?
If not, you can store a GUID on the phone, which is created on first time run. as an identifier. And when the GUID comes in to the server for the first time, you log them as a new user with that ID, and from then on, know its them again.
for generating a GUID I recommend the UUID class
and storing/retrieving it, maybe the SharedPreferences Class.
Alternatively, give them a GUID in an ini file, which your app runs off. (which you know the ID before hand.)
I would like input in deciding what API-accessible field in Android is the best equivalent to an iPhone's "device name" (it will be used as non-essential login data passed to a server). By device name, I do not mean "model", or any hardware- or software-related identifier, but more to do with the owner.
See How do you get an iPhone's device name for exactly what I'm referencing.
As an additional example, when faced with the same problem in BlackBerry, it was decided that the owner name was the best equivalent. (See answer in Get Blackberry Owner details (eg name/number) through API )
So far, it looks to me like the best android-equivalent is using an AccountManager to return someone's google account email; see How can you get an Android user's email address?. This seems to me like a pretty rough approximation, though; and would require adding another whole permission to the app just for some non-essential login data. Does anyone know of a better equivalent, and how to grab it?
Many thanks!
If you look in Settings -> Wireless & Network Setting -> Bluetooth Settings There is an option to set the device name. If the device name has not been set then I think it uses the persons account. You can access it through the BluetoothDevice.getName() method. Not sure if that helps.
BluetoothAdapter.getDefaultAdapter.getName() is also returning null if the user has switched off BT e.g. for saving battery or for security reasons. So it's not reliable, I'd say.