this is the first time I will be putting an application onto the playstore. I am wondering is there such a thing as password protecting the application so that only people with the password can download it?
There is no setting in Android for password restricted visibility/download. If you want only people who have password to use your application then you can make your launcher activity to ask for password before launching the application. If password is valid then let me go in else quit the app. Anyone can download the app but only who have password will use it.
I don't think there is such a thing. If you are only wanting to distribute the App amongst people that you can choose yourself, you can just send them the packaged .apk file.
They will need a rooted device to run the app on though.
Related
I have developed an android application and I want to distribute the application on tablet. This means my client will not require to download the apk as it comes with tablet.
This software is for training purpose i.e. video and other documents.
I don't want the apk to be extracted, in another words, I would like to bound the apk to run a specific device.
In summary, my aim is to deliver the apk with tablet device (and I want to avoid extraction of the apk).
Is this achievable?
If the user gains root access on the tablet, you cannot do anything to avoid this.
However without root access, if the apk comes shipped with the tablet, there is no way that someone can send it to other tablet/phones.
If you want to add further security, you can do a simple offline authentication, when the app starts.
eg
1) on first install, prompt user(who will be you, since you have to install the app before giving the tablet to an employee - right? if I understood correctly your problem) to give a user and a pass.
2) Then save credentials in phone(using preferences), and later on(step 3) match them with some hardcoded ones in your apps code.
3) Each time app starts, do a quick check of preferences credentials, and if it doesn't match, close the application.
While this isn't very good way of securing your app, you may come up with a more reliable solution. If tablets have internet access all the time, you can add a proper username/password authentication, but you have to create some sort of accounts to all of your users.
Did you know something about Signed-apk?? First of all create your account on play-store and get the keystore for your project. then create a signed-apk using keystore and password given.
I developed an Android App and installed to three users' cellphones through Eclipse and USB connection. I don't want to put the App to google market. Now I got two problems:
How to protect the App and make it invalid in other cellphones. I know we cannot protect it 100%, I just don't want the App to be easily copied and run on other devices. What I have done was hard coding in my program to compare the AndroidID (save the AndroidID to a string and compare with current AndroidID). The problem is that if I have 100 users, I have to hard code 100 times.
How can I keep the users updated. Do I just upload the updated App to my own server and give them the link to download and install? In this case, the first problem comes out again: how to protect the App?
The first thing in my mind is that you can set a password that app requires the first time it run after installation and give that password only to enabled users
you could make the application check for the presence of some pre-determined "key" file and distribute the file separately.
For updating the app can download new apk files and use an intent to send the user to the Package Installer so that they can choose whether or not to install.
I want to create an application that prompts the user to create a password before the application is installed and also before the application can be uninstalled the password must be entered.
I have ran out of ideas on how to go about the code.
Please can anyone give me a code and an insight on how to go about this_
I would appreciate a lot.
You can use shared preference/db to have default value and see if there is a default value you can prompt dialog
I want to create an application that prompts the user to create a
password before the application is installed
To be clear you said BEFORE the app is installed. This might be Possible. But "dirty". In the user journey your user downloads and installs the APK from the market or where ever. None of your app code has run yet so there's nothing to leverage.
A possible work around, which I have heard others use but not tried myself so no guarantees, is to write a login app that when installed prompts for password creation and on success downloads the actual app.
I would probably say - why? What it the motive behind doing this? Lots of apps work fine installing the whole app (Spotify comes to mind).
I don't think this is possible the android market takes downloads and installs or user installs some other way and the user uninstall via manage application in the settings, all of these things happen outside of the scope of an app
See Device Administrations API
I am developing an Android application, and common users have to pay for it. But, I want to offer that application for free to my webpage users. I have a login in that webpage, so I can control what users access to the application. So the question is:
If I put the .apk into the private zone of my webpage, and users access it through the mobile, Do they download the application and can distribute it, or it just get installed on the phone?
And what if they access by PC?
Is there any way to avoid the download of the file, and just install it on the phone?
I fear installing without downloading is not possible, maybe you shoud think about a second version which needs a key (e.g. created by the device ID and a secret Prefix.
User is downloading your apk
User get the message he needs to register
User send his Device ID to yor Webpage (and have to login before)
Your Website create a hashkey with the device ID and a secret password
The Application stored the key in the Preferences and will check at startup, if the stored key fit to the Device ID/password Hash.
If you let some download your apk, then it just get downloaded. Users will have to install it manually and what is worse, they won't get updates through the common android market mechanism.
if they have rooted phone then they can do anything with your apk. there is no security in android even you can get the source code of an app.
in your case the only way is to implement certificates.
I'm doing an android app and a want to restrict specific part of the app to a kind of administrator (that is only for this app).
The admin will push a button to access the admin part, and a password is required.
My question is about the way to store the password.
Do I have to store the password on like res/string or something?
do you have a better idea?
Thanks
I know that maybe some leaks are easy to do but my app is not something i'll spread, just for a signing app on an android smartphone, so no need to have big security, the password is just here to prevent from errors on the use of the app.
You need to create a hash function, which there is a great article about it at http://phpsec.org/articles/2005/password-hashing.html. Then you need to make sure that you store the password in the private data storage, for further protection. This should be sufficient for most purposes.
Considering that you are hardcoding the password in your app you might as well put it as plain text, since all it takes to lose all security is for one person to leak the password. Much easier then cracking a android .apk
If you want to be secure you need to confirm against a online account, and you need to be comparing hashes.
I think a more elegant way of doing this would be to use a AccountManager
Hold an encrypted version in the apps private directory.
When you come to enter the password the app can encrypt it and see if it matches the one in the file.
I think that's similar to how pin numbers work on credit cards.