I have developed an android application and I want to distribute the application on tablet. This means my client will not require to download the apk as it comes with tablet.
This software is for training purpose i.e. video and other documents.
I don't want the apk to be extracted, in another words, I would like to bound the apk to run a specific device.
In summary, my aim is to deliver the apk with tablet device (and I want to avoid extraction of the apk).
Is this achievable?
If the user gains root access on the tablet, you cannot do anything to avoid this.
However without root access, if the apk comes shipped with the tablet, there is no way that someone can send it to other tablet/phones.
If you want to add further security, you can do a simple offline authentication, when the app starts.
eg
1) on first install, prompt user(who will be you, since you have to install the app before giving the tablet to an employee - right? if I understood correctly your problem) to give a user and a pass.
2) Then save credentials in phone(using preferences), and later on(step 3) match them with some hardcoded ones in your apps code.
3) Each time app starts, do a quick check of preferences credentials, and if it doesn't match, close the application.
While this isn't very good way of securing your app, you may come up with a more reliable solution. If tablets have internet access all the time, you can add a proper username/password authentication, but you have to create some sort of accounts to all of your users.
Did you know something about Signed-apk?? First of all create your account on play-store and get the keystore for your project. then create a signed-apk using keystore and password given.
Related
I am new to android. I have a application to make where in i have to restrict the application's .apk file getting shared by the user to the other phone android phone holders.
Its like if i keep my .apk file in my own website then i want that the user can download the .apk from my website the cannot share the same .apk with some other person. I want to restrict the sharing of the apk to multiple phones. Everytime a user wants to install the app he/she has to install if from the play or through my website but the .apk shared cannot to installed.
Also i wanted to ask if we can distinguish whether the app is distributed and installed or installed from the play.
So can you please tell me some way out for doing this?
Thanks in advance
1) You can not stop users to forward your apk if they have apk in storage, what you can do is to delete it after your app installed(you should search it via some api and if found delete it), Limitation :- apk can be shared before installing.
and there are tools/apps exist in market which claim to convert installed app into apk, and then it can be forwarded to other device.
Similar question on Forward locking of apk
2) Though you can not stop user to forwarding of your apk, But can stop other user to use it, if they receive this app from other sources then your web, as I myself did it earlier, by client server communication where a key is getting generated on Server based on mobile IMEI, so this app is going to be activated for particular mobile based on IMEI number. hence if other users try to use it you can check if this IMEI is register or not, and take action accordingly.
Unless a user uses a USB cable/Astro file manager like utility, on a ROOTED phone, he wont be able to extract the apk out and transfer to another phone. And the percentage of users knowing how to root a device is very low. So this issue should not arise.
Even if it is assumed a user can very easily extract an apk (which a general user wont be able to), the problem whittles down to generating a unique identifier string on each apk, and then packing it within this apk. Now when it is extracted and installed on another device the app can check with identifier and close after displaying a "no-copying" message.
Note that the identifier should be tied to a unique string, say the device IMSI number, or phone number, or a combination of both. And this string needs to be written to a file that is transferred over when apk is copied, I would recommend a properties file in assets folder within the apk for this. Hope this helps
if somehow we manage to attach the app data folder with that APK.file of that app, then our problem will rectified easily. like if you send the folder of the app to someone then app will automatically loads your data to the other user. if he can't separate that two things (apk. file of APP and data folder of the APP).
Hope it will help you...and me too..
I developed an Android App and installed to three users' cellphones through Eclipse and USB connection. I don't want to put the App to google market. Now I got two problems:
How to protect the App and make it invalid in other cellphones. I know we cannot protect it 100%, I just don't want the App to be easily copied and run on other devices. What I have done was hard coding in my program to compare the AndroidID (save the AndroidID to a string and compare with current AndroidID). The problem is that if I have 100 users, I have to hard code 100 times.
How can I keep the users updated. Do I just upload the updated App to my own server and give them the link to download and install? In this case, the first problem comes out again: how to protect the App?
The first thing in my mind is that you can set a password that app requires the first time it run after installation and give that password only to enabled users
you could make the application check for the presence of some pre-determined "key" file and distribute the file separately.
For updating the app can download new apk files and use an intent to send the user to the Package Installer so that they can choose whether or not to install.
I am planning to drop my app in Google Play(earlier Android Market) because of push notifications (whenever a new version) , security for apk and so on.And also since apk is secured with Google play(paid apks) i dropped of downloading the apk from my website (only authenticated people can download the apk)
Actually its a business app for particular users with username and login access. Everything was fine in the App with login and security mechanisms
I am thinking of a way to restrict the other users who are not from the list while installing itself.
My question is whether any kind of filter or authentication mechanism can we set while downloading the application from the Google play it should ask for a password or something like this to filter the unauthorized users to download the app..
My ultimate aim is i don't want the peoples to try it after downloading unnecessarily
Can anybody help who have tried all those in android market
Ok.. One thing after another..
Google propose their licensing mechanism. However app would need internet connection, which is disadvantage if otherwise it doesn't need it. If I got it right your does need to connect to server so this is not a problem for u.. It seems to me you are already familiar with this method.
Mechanism for password protecting downloading or visibility of apps on Google Play doesn't exist today..
You can identify users with IMEI (in case you don't consider using app on tablets, which doesn't have it), WLAN MAC, BT MAC address or some exotic combination of these methods, and you use this as authentication.
The best solution, from my point of view, is to allow people on market to download it. Your application is already using some mechanism of authentication (user/password) to server. So if 1st thing user need to do is login, and any functionality is disabled if that doesn't pass. If it pass, you already know who is your user and what privileges he has.
The thing is here that I am not so sure what are your concerns when user without login/pass download application if everything after that screen is disabled before authentication. User will download (if they find it..), they will install, try to use it, see that's not possible without credentials and uninstall it.
Hope it helped.. I will try to add few more links in a while..
I am developing an Android application, and common users have to pay for it. But, I want to offer that application for free to my webpage users. I have a login in that webpage, so I can control what users access to the application. So the question is:
If I put the .apk into the private zone of my webpage, and users access it through the mobile, Do they download the application and can distribute it, or it just get installed on the phone?
And what if they access by PC?
Is there any way to avoid the download of the file, and just install it on the phone?
I fear installing without downloading is not possible, maybe you shoud think about a second version which needs a key (e.g. created by the device ID and a secret Prefix.
User is downloading your apk
User get the message he needs to register
User send his Device ID to yor Webpage (and have to login before)
Your Website create a hashkey with the device ID and a secret password
The Application stored the key in the Preferences and will check at startup, if the stored key fit to the Device ID/password Hash.
If you let some download your apk, then it just get downloaded. Users will have to install it manually and what is worse, they won't get updates through the common android market mechanism.
if they have rooted phone then they can do anything with your apk. there is no security in android even you can get the source code of an app.
in your case the only way is to implement certificates.
I'm creating an Android application for a fantasy league as part of a college project. It's a paid application, and requires each download to be associated with only one team.
I'm confused as to how best go about it. If a user goes to settings and clears the data from there, all files, settings and databases would be deleted rendering a locally stored indicator for "The app has already run before and hence user is registered" as pointless.
Another option that had come to my mind was to store the IMEI no on a remote database (with SHA1 encryption to protect the data) but the problem with this is that, if a user loses or changes his phone, his further participation would be impossible. Additionally, users understandably don't like to share IMEI numbers and it's acceptable.
The best solution in my mind was to restrict usage of the app to the Google account that was used to download the application. With this, even a change of handsets would allow further participation of the user. However, I've not been able to find a way to obtain the Android Market account (only require E-mail) which resulted in the download.
So, my question is, how do I best go about with the problem that I face? Is there a way to get the Android Market username? Or is there a worthy alternative?
The server-side option is what you want, you can get a unique id from each phone and use that as your identifier.