I am building an android app that will be for sale through the market. The base application will need very minimal permissions.
What I want to do, is allow the base application customers to add libraries I'll have available as free upgrades. But those add-ons would need additional permissions and abilities. ( Like contacts, camera, live wallpaper, or home screen ).
My goal is to allow my customers buy my base application without requiring excessive permissions. But if they desire the extra features, they can simply install those libraries from the play market, and grant the permissions for those added libraries. But still allow all of these features to be detected, controlled and used from the base purchased app.
My fear is that no-one will buy my base application if it requires all the permissions of the optional features.
My question is...
Is it possible to do this?
Are there other ways to set this up?
Thank you!
You will need to package those libraries as separate apps, kind of what like Google does with Google Play Services.
These apps need not be visible in the application drawer, just don't declare any Launcher activities there.
You will then need to communicate with those apps using Intents to get your job done.
Related
I am an Android theme designer and I publish my theme apks on Google Play.
I'm finding a lot of users are basically just stealing my themes. These themes do not allow support for license checking. Many users are simply installing the theme, then making a copy and refunding and then simply reinstalling the copied apk.
This is a huge issue and what I'm wondering is if anyone knows a way to add code to ie: the manifest that would prevent the apk from being installed from unknown sources? It would be great to have it where it attempts to reinstall and then just fails.
Of course this will not 100% stop the thefts because they can likely adb push the app or decompile and remove the code but it will certainly stop a lot of it I believe. Before you just had to worry for the most part about users with root to access the data partition.
Now there are several non root required file apps that can copy apks from data which allows easy access for theft.
Google Play has a licensing service that checks to make sure the user actually did pay for the app on Google Play, called App Licensing. The Google Play Licensing service is primarily intended for paid applications that wish to verify that the current user did in fact pay for the application on Google Play. Here is the documentation on how to implement it into your app; https://developer.android.com/google/play/licensing/index.html
I’ve been building some android apps using the website ibuildapp.com
But the thing is that each app requires so many permissions despite the app does not use these features. My question is, can the app send personal information to their servers?
Are you asking if the app can send information to ibuildapp.com servers, or servers in general?
Apps should request permissions only when they need them to provide major functionality. I don't know anything about ibuildapp.com, but if it's requesting a lot of permissions it goes high on my "suspect" list.
permission.READ_CONTACTS, permission.READ_CALENDAR, permission.READ_PROFILE, among others, are not to be handed out lightly! The full list of permissions is listed at
Android.Manifest.Permission javadoc, along with documentation.
I'm an iBuildApp team developer, so I can answer your question. :)
The only reason why we ask all these permissions in every app is that this is how our service works at the current moment.
It has great number of widgets (i.e. page types / functions), every widget has it's own permissions needed. One of our features is that you can manage your app on the fly (modify content, change pages' types etc.), while in most cases there is no necessity to rebuild native app: all the changes will be visible in already built ones. This means that all the modules are built in inside an app (while, as mentioned before, every widget needs it's own permissions).
So in the main: yes, if an app (I assume not specifically our app, but any app) asks for some permissions then it can potentially use them in "bad" way.
But as for us: no. We're not interested in your personal data. We're only interested in providing an excellent service.
Hi i'm ibuildapp android developer.
You can unzip recieved apk file and edit manifest file. As soon as you've done zip it.
I have nearly completed my application and about to upload it into Android Appstore. I need to divide demo and paid versions - one is free with limited capabilities, another one - paid with full functionality. The question is: how to implement it - the only idea which I have in my mind is following:
Upload 2 independent applications placed on different packages. But in this case there's one obstacle: let say user installed demo application packaged as my.foo.demo then user decided to buy full version which will be installed in package my.foo.paid. In this case I need to provide user with ability to transfer user files/data/preferences from package my.foo.demo to my.foo.paid. Wow, but it's not very simple task (keeping in mind Android's security model)
Probably there's another approach? Any ideas?
The easiest way would be to upload two independent APKs. There is a way to have a user download a free version, and then download a "key" application that unlocks the paid functionality. That can lead to lots of user confusion since sometimes they will download the "key" application and not the base application. So if you can upload two different versions, that will eliminate that hassle (but means you have to maintain two versions).
So now to answer your question about sharing the data. The simplest way would be to have a content provider for your data and just export that to the paid version. Alternatively, you can look into the sharedUserId attribute in the application's manifest. This will allow you to run in the same process and access the same files.
I have been trying to make my application available on Android Market, only to specific individual accounts/devices.
Is there any way to specify an arbitrary Market Filter?
It currently has filters for country/carrier, but we need a finer grained filter than that.
I thought about adding my own system library and specify it in <uses-library> tag, but that would not work if user gets a system update from Google.
Non-Market option is not desirable, since we'd lose auto-update feature, etc.
Another option is to make the app unusable by unregistered devices -- but I would rather not show the app on Market and not worry about the app being tampered.
Any ideas would be much appreciated!
Is there any way to specify an arbitrary Market Filter?
No.
I thought about adding my own system library and specify it in tag, but that would not
work if user gets a system update from Google.
It also requires you to build your own firmware and get all your users to use that firmware, which may not be very practical. It would take you less time to write an update-the-APK-from-the-Web feature.
Any ideas would be much appreciated!
The Android Market is public and is designed for use by the majority of Android users. If you want private distribution, distribute your app privately, please.
I'm wondering whether the official google Android Marketplace application has access to some restricted functionality in the OS, or if it just uses the standard APIs available. Anyone up to date on this matter?
Update
Would it be possible to get an application signed by the manufacturer so that you can access these functionalities, or does google have to do this?
Market does a few things that third party applications can't do -- most notable is being able to install apps without going through the permission screen (allowing it to verify permissions before downloading the app).
This is not a matter of signing -- Market is signed with Google's cert, not with a device's cert. The special things it does are features available to apps that are bundled as part of the system image. If Market were made available as a third party app, it would not be able to do these things. Likewise a third party app that is included by a manufacturer in their system image will have access to some additional functionality by virtue of being there.
Historically Market has also used a number of private APIs, which it could live with because it is always bundled with the device, so if one of those APIs changes the manufacturer will just need to make sure that they fix that to be able to run Market. Over time we have been cleaning that up to have it use many fewer private APIs.
The Android Market is part of the signed firmware of the device, and it is not an SDK application. Hence, it "has access to some restricted functionality in the OS". So, for example, while an SDK application can request to install an app, it can't uninstall an app.