I want to develop an app which I stream basic text information about sports. First of all I believe I need a server which my users connect to see my stream as soon as something new is published. But I don't have an idea about how to build something like that. I did some search on web to find lessons or answers but I wasn't able to find anything useful. If it's true that I need a server, is Java language good to code server's program? Because I only know a little bit of Java.
And I want my app to have a monthly fee. I'm completely new to programming but I guess I need a database to keep track of my user information. Do I have to build my own user membership system - which people register with their e-mails etc- for all this? Is it hard to do that? And again I don't have any source of information about this one too.
I'm lost at this point. I don't know what to search to get some answers. So I'm asking you guys. What do I need to build an app with monthly fee that streams live information? I'm not expecting a full answer here but at least I believe you guys can tell me where to look for answers. Thanks.
While I agree the question is very vague and open (we could write a thesis on the topic in question and everyone will have their own way to complete) my suggestion would be to research the following:
Java - read as much as you can about the language and ensure that you are happy with (or know where you can get access to good helpers) the syntax (you mention that you know a little about Java so that is a good start).
Android programming in general. Look up the Activity lifecycle (The Android documentation is good, read as much as you can, follow the examples and try out the tutorials! https://developer.android.com/training/basics/activity-lifecycle/index.html)
Read up on Firebase; this should make the server side a little simpler (although I have only a parsing knowledge (i.e., none) of Firebase, it looks like it will be a good start). Again walk through the examples / tutorials; do the Hello World and then pull it apart to see if you can figure out how it is holding together.
Then when you have questions (which you will, we all do!) come back and I know that you will get some great help!
Once you have a few applications under your belt (personal 'play' apps) then and only then would I consider looking at the Google Play API (https://developers.google.com/android-publisher/).
Hope this gets you on the starting grid at least! Good luck!
Gav
I'm constantly trying new apps and my phone is getting cluttered with old apps, I no longer use. So, I thought I'd develop a simple app to help me out. There are similar apps, but none does exactly what I want:
I would like to have a list of apps which I've installed in the last month, which I've used X number of times (for easy access: They may be keepers!) as well as those I've not used in Y weeks.
Is there any way to get app usage statistics with Android? I guess ActivityManager might help me to gather that statistics, but is there a way to read just when an app has been used last? Or how many times in a given period?
Any tips will be most welcome :)
You can try out my app for uninstallation of the apps you don't need : https://play.google.com/store/apps/details?id=com.lb.app_manager .
Also, if you wish to find exact usage statistics of your apps, you can use my app this way: find "settings" (the app itself) inside the list (you can perform a search query), choose to make a shortcut of it, and then choose on the dialog "Usage Statistics". This way you can perform both the operations you wanted.
I also plan on adding this feature somehow in the future, but that's what you can do for now.
Here's a screenshot (it's the first on what I show here) :
I am looking to use one of the social networks in my Android program.
Most important for me is the ability to build a continuous leadership board in which players move up and down depending their wins/loses to others.
The idea is for players to challenge others head-to-head. The winner gains points and the loser loses points.
Equally important, I want this feature to include the possibility to "charge" the player game coins.
Scoreloop includes the possibility of challenges but they are there in order to win coins off other players. In other words, they are the means to the end.
In my case I need it to be the other way around. The "ends" is to be higher in the leadership board and the "means" are to play others with coins.
Scoreloop do have a continuos leadership board but it is not accessible from the program.
I tried looking at OpenFeint but their site is a real mess. It is impossible to understand from there exactly what is and isn't available.
I signed up and tried to add my program. I ended up adding it four times and cannot delete it!
Check out Swarm, which provides a similar feature set to the others you mentioned (Scoreloop, OpenFeint), but also specifically includes a virtual goods system (coins), that you could use to have users purchase challenge attempts (which sounds like what you're looking for). The docs are extremely well written, integration is a snap :)
Create a leaderboard using either OpenFeint or Scoreloop (we started off with Openfeint but quickly moved on to scoreloop - If you want the details, I'll be happy to explain our reasons).
Once its up, make sure its a leadarboard that allows overriding scores with worse scores.
Implement an ELO rating calculator. see: http://en.wikipedia.org/wiki/Elo_rating_system
Each player starts with a certain score (I use 1500, so that ratings will resemble the chess ratings range).
On a match end, you re-calculate each user's new Elo rating, and post it to the leaderboard.
You end up with a leaderboard that ranks each user according to their skill. i.e. the more they win, the higher their score is.
EDIT: per user request - her are some of the reasons that made us move to Scoreloop:
OF documentation looks like it was ported from iOS, and very badly so. For example, the docs gives an example of initializing OF in your Application class. This will cause their "Join / Don't like fun" full screen dialog appear out of the blue, when users are busy using other applications, as android will kill and re-create your application in the background as memory availability change.
ScoreLoop automatically creates a "userId" for the user, without them having to register / login. This allowed us to post user's highscores and display their highscores without having to bother the user for logging in.
Scoreloop have an "offline" mode, which makes it much more robust, efficient, accurate and easy to use.
In flaky network situations, OF login process took a very long time, and affected the game performance. (see #3 above).
OF does not allow you to fetch a score rank. If you want to get your user's rank, you have to fetch the complete leaderboard, cycle through it until you find your user's entry. This "solution" pretty much makes this option not-available.
Scoreloop provided us with grate support. I've opened several tickets, they all got answered promptly and professionally. These guys rock.
I wrote this code a while back, so there might have been other reasons which I forget.
Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 4 years ago.
Improve this question
So we've been through this several times now, we release a game (for cheap) and someone hacks it and puts it up on a mirror. We setup Google Alerts for all our apps, so we get told daily who's doing the hacking. So far, we have implemented the licensing service as Google has suggested, our salt is randomly made each time the license is initiated with the unique device ID. We run the check service once, when the application is started for the first time. We then generate a 512 character hash for the key and the stored value that is compared against in SharedPreferences from there on out.
Now, I know that checking once is probably where the application is being blocked. Our bytecode has most likely been looked at and recompiled without the line that initiates the check.
From here, I don't want to obfuscate our code as I have seen it broken before. I want something a little more solid, and I also want to learn how to do this properly. I am more interested in learning than making money at this point since only 2% of people will ever look for a hacked version.
So far, on my own, I have come up with a random number generator that is placed in several startup areas of the game. When initiated (say, 1 out of 50 times) the license is checked. I know this would make it harder to hack because the cracker would have to eliminate each case, compile, eliminate, compile. This method however, is still crackable...so what do you guys suggest? Again, I am really interested in this process of security, so please educate, don't turn this into a discussion on obfuscation or checking periodically based on a timestamp.
Thanks
My idea isnt hacker proof, but might remove some of the interest for hacking the game.
Freemium model
1) Make the first 5-10 levels free so people can learn the game and have some fun without paying. Less will want to hack the first level and the game will spread even further by Freemium model.
Shareware/clustered levelpacks
2) Let part of the game levels or logic stay online. Eg. when reaching for level 5 or 10 or 15, then download small parts for the game, and every time submit the progress-log from the game and validate this against possible values + hashcodes. This could perhaps make it possible to automatically close down of hacked accounts.
Stealth cheater protection
3) You could also just count "small warning flags" that you place around in the game. Dont just check for the "validation" in the beginning, no build these flags into the game logic itself. Dont make it break the gameplay, because then noone will look for it.
Then when the user reached the end of level monster, check if there were any logged warning flags. These will not show up inside the game, so the unknowing user with a hacked edition could be playing for hours/days and suddently realize that he/she couldnt finish the game or advance to next level, because the game had a "bug". What the user didnt know was that this bug only occures on hacked clients.
Conclusion
Be smarter than the crackers. Fool them into thinking the job was done. Make a copyprotection and know that the more advanced crackers will be able to remove it. But they probably dont want to play 50 levels to check if the crack also works all the way.
Once they realize this problem, they might start to crack it too. But if you break the game up into level-packs, you can still validate between each pack download. So once you receive hacked client hash data, then just execute an exeception and crash the game on the client. Whoops the game crashed. Dont tell its because its hacked. A program error can happend. :-)
Again, its not hacker proof. But it might annoy them enough to move on to the next game. Lastly, you could also put out regular updates for the game and only the latest version should be able to "post the records" etc. so the active users would have to update to keep in the loop.
I have been doing some apk decompiling and hacking for a while (not warez, but mods and hacks mostly to the google apps and the android framework, always abiding xda-developers policies).
Once you learn to read smali, it is almost as reading the original java code (but with way more LOCs). So, any code you add to check for keys can be found and deleted or replaced. You don't even need to recompile each time to eliminate more than one (some searches do miracles to find similar pieces of code) and, even if compilation/recompilation cycles are needed to find them, it's just a matter of one or two minutes to decompile: everything is automated by apktool and even more by apkmanager.
Having said that, my suggestion to you is to implement some sort of online scoring table or similar, and when the user looks at the score table online, you can check the hash code you implemented and compare it with the associated gmail account. That way you can report the hack to google and send a nasty message to the user of the warez, explaining why that is illegal.
Of course, a new hack could be implemented to eliminate the scoring table, but that would reduce the interest for the warez.
Good luck.
Update
After researching to answer this question: Injecting code into APK (really about the Amazon DRM mechanism), I can tell a little bit on how Amazon is protecting the apps: it includes methods for checking for the installation validity everywhere (you can see an example of how they do it in my answer to that question). This will make any attempt to hack an app not very difficult, but extremely tedious. I believe that is a strong point: hackers won't want to spend so much time doing so many repetitive tasks: it's not challenging and it's boring. The main flaw I see in that approach is the possibility to hack the Amazon app itself to always return a valid answer, of course. But, if you mix your current hash checks with some sort of online check scattered among your methods, I believe the chances of it getting hacked may be drastically reduced.
Taken from my solution from this post Avoid apk cracked
Implement your own licensing library
I'd also refer you to check out this from Google I/O 2011 YouTube recording:
Evading Pirates and Stopping Vampires
EDIT:
The Presentation Notes from Evading Pirates and Stopping Vampires
Some basic keypoints
Modify the LVL
Implement LVL Tamper Resistance
Use obfuscation
Add reflection
I know you're not really into obfuscation, but I really need to react to this:
From here, I don't want to obfuscate
our code as I have seen it broken
before. I want something a little more solid, and I also want to learn how to do this properly.
ProGuard is very reliable in my experience, and this although I use a couple of advanced features such as AIDL and some native code which calls Java method.. It takes a little work to read the documentation and do things properly, but once you're there ProGuard is extremely reliable and also optimizes your app.
Custom security/cryptographic tricks are good, but without obfuscation it's like throwing a stone in the water in my humble opinion.
I've used ProGuard in production for many months, and it just works flawlessly.
If you're into learning, then read the ProGuard manual carefully, experiment with it, and inspect its output logs.
Chance, that there are more talented programmers then YOU (applies for all programmer), is 100%. And if that is true, you can not fix hacking. But you can spend as much time and effort on it to go bankrupt.
If you want to make some serious money you need to do some research on your target user group, and behavioral science. You need to make users playing that bring in new money, and thats it.
Besides, you got it all wrong. Hackers are most active members of your user base, thy just behave in a way you did not intend them to.
Take Zynga games on Facebook for example, do you think thy get hacked? - Sure, and about +100000 players only play, because thy can use bots, that automate everything.
Having huge active user base botnet of actual people, makes archiver type gamers want to play the game - and if thy play, and it looks cool, then Avarage Joe will also want to play. If Avarage Joe plays, then his friends might want to play, and thy probably will not care anything other, then being better then his/her friend, killing time or having something to chat about. Avarage Joe friends will most likely be willing to pay to be better then Joe, but rather thy would like to invest in something that makes them able to be better.
Besides if the real value is playing the game for free, then users who use the free hacked version, will most likely never would have payed for it. But thy are Avarage Joes and their friends just might. So this is like the cheapest commercial you can have. If you want to make money of your large userbase, then just make new versions of the game with small changes to levels and graphics.
Piracy will always be an issue. By in large crackers are better at playing this Security Though Obscurity game than developers.
What an interesting and disturbing question. :-) As an exercise, you might try releasing an app through Amazon; they have their own DRM mechanism; I wonder if it works any better than ProGuard...
One of the key elements in my opinion is to spread out the code so it's not all in one place. If you have a function called LicenseChecker.checkLicense() which retrieves the license and checks it, you can be sure it will be disabled promptly.
The one advantage you have is that the crackers cannot see the comments of your code (and, if you obfuscate, method/variable names), so come up with something weird. In the onCreate() of one activity, you get the license ID. In onResume(), you get another value to check it against. Maybe create a thread and do some checks there. And then, some other irrelevant piece of code (maybe the player control) might pick up the value and compare it and store the result somewhere. Then three other irrelevant pieces of code will all independently check that value and disable your application if it doesn't match.
Now I should say upfront that this can cause headache for yourself - obviously, cluttered, nasty code is harder to debug and prone to cause errors. Worst case, you create false positives in legitimately purchased applications.
And, of course, everything can be reverse-engineered - once the crackers find the place where the app is disabled, they trace back the value that's being read from. They could then trace back where it's being stored, and trace that back..... or, much easier, they can just disable the final check (which is why I recommended 3 different places, all triggering delayed). Security is only as good as the weakest link.
You will not be able to stop piracy. Your best bet is to delay the spreading of a pirated copy until the initial hype about your app has calmed down.
First, I do NOT consider myself a pro in the SW security field whatsoever, but:
I think an important thing is to let the application be dependent in some part(s) on the signature check. Don't let it affect immediately, but let it set some flags or change some values. later on, use those flags, check them, let the absence/incorrectness of them cause an exception of some kind which will terminate the application maybe. As long as the signature check is only relevant at the moment, it is easy to bypass it, to remove the line, once it touches more areas in the code, your application becomes harder (or less easier...) to hack. Also as I see it, not all checks should call the same routine for the sanction, because this will also make it easy to find the protection mechanism and terminate it.
Of course, the sanction to take in cases of illegal SW may vary, you might want to crash the application when used illegally, but you might as well want to keep it running, and only send message that asks the user to buy a legal copy of the application.
If this is just what you didn't want to hear, then I'm sorry for your time :)
Android users are just going to have accept the pain of constant phone-homes. The only secure Android app is an always-connected Android app.
This is, in large part, due to Google's refusal to lock-down the installation, like Apple has. On IOS you have to jailbreak the phone. On Android you can load any APK on a stock, factory install.
Keep some/most/all your content on the server; deliver it in chunks; validate the license/session on each call.
It will be incredibly hard to inhibit this kind ov behavior. Anything that is handled on the client-side is hackable using APK decompilation and modding, memory editing with software such as Game Guardian ect.
The only way I can see how partially getting around it, would be to make an online game instead. Or have certain functions handled online. Or if anti-tamper encryption like denuvo ever is available for Android / iOS.
There is a specific and official analytics SDK for native Android apps (note that I'm not talking about webpages in apps on a phone). This library basically sends pages and events to Google Analytics and you can view your analytics in exactly the same dashboard as for websites. Since my background is apps rather than websites, and since a lot of the Google Analytics terminology seems particularly inapplicable to a native app, I need some pointers. Please discuss my remarks, provide some clarification where you think I'm off-track, and above all share good experiences!
1. Page Views
Pages mostly can match different Activities (and Dialogs) being displayed. Activities can be visible behind non-full-screen Activities however, though only the top-level Activity can be interacted. This sort-off clashes with a "(page) view". update -> Read http://android-developers.blogspot.com/2010/12/analytics-for-android-apps.html and accept it.
You'd also want at least one page view for each visit and therefore put one page view tracker in the Application class. However this does not constitute a window or sorts. Usually an Activity will open at the same time, so the time spent on that page will have been 0. This will influence your "time spent" statistics. How are these counted anyway?
Moreover, there is a loose coupling between the Activities, by means of Intents. A user can, much like on any website, step in at any Activity, although usually this then concerns resuming the application where he left off. This makes that the hierarchy of Activities usually is very flat. And since there are no url's involved. What meaning would using slashes in page titles have, such as "/Home"? All pages would appear on an equal level in the reports, so no content drilldown.
Non-unique page views seem to be counted as some kind of indicator of successfulness: how often does the visitor revisit the page. When the user rotates the screen however usually an Activity is recreated, thus making it a new page view. This happens a lot. Maybe a well-thought-through placement of the call might solve this, or placing several, I'm not sure.
How to deal with Page Views?
2. Events
I'd say there are two sorts:
A user event
Something that happened, usually as an indirect consequence of the above.
The latter particularly is giving me headaches. First of all, many events aren't written in code any more, but pieced logically together by means of Intents. This means that there is no place to put the analytics call. You'd either have to give up this advantage and start doing it the old-fashioned way in favor of good analytics, or, just be missing some events.
Secondly, as a developer you're not so much interested in when a user clicks a button, but if the action that should have been performed really was performed and what the result was. There seems to be no clear way to get resulting data into Google Analytics (what's up with the integers? I want to put in Strings!).
The same that applies to the flat pages hierarchy, also goes for the event categories. You could do "vertical" categories (topically, that is), but some code is shared "horizontally" and the tracking will be equally shared. Just as with the Intents mechanism, inheritance makes it hard for you to put the tracking in the right places at all times. And I can't really imagine "horizontal" categories. Unless you start making really small categories, such as all the items form the same menu in one category, I have a hard time grasping the concept.
Finally, how do you deal with cancelling? Usually you both have an explicit cancel mechanism by ways of a button, as well as the implicit cancel when the "back"-button is pressed to leave the activity and there were no changes. The latter also applies to "saves", when the back button is pressed and there ARE changes. How are you consequently going to catch all these if not by doing all the "back"-button work yourself?
How to deal with events?
3. Goals
For goal types I have choice of: URL Destination, Time on Site, and Pages/Visit. Most apps don't have a funnel that leads the user to some "registration done" or "order placed" page. Apps have either already been bought (in which case you want to stimulate the user to love your app, so that he might bring on new buyers) or are paid for by in-app ads. So URL Destination is not a very important goal.
Time on Site also seems troublesome. First, I have some doubt on how this would be measured. Second, I don't necessarily want my user to spend a lot of time in my already paid app, just be active and content. Equivalently, why not mention how frequent a user uses your app?
Regarding Pages/Visit I already mentioned how screen orientation changes blow up the page view numbers.
In an app I'd be most interested in events/visit to measure the user's involvement/activity. If he's intensively using the app then he must be loving it right?
Furthermore, I also have some small funnels (that do not lead to conversion though) that I want to see streamlined. In my mind those funnels would end in events rather than page views but that seems not to be possible.
I could also measure clickthroughs on in-app ads, but then I'd need to track those as Page Views rather than Events, in view of "URL Destination".
What are smart goals for apps and how can you fit them on top of Analytics?
4. Optimisation
Is there a smart way to manually do what "Website Optimiser" does for websites? Most importantly, how would I track different landing page designs? update -> Seems I could use the Custom Variables for that. More details are still welcome.
5. Traffic Sources
Referrals deal with installation time referrals, if you're smart enough to get them included. But perhaps I'd also want to get some data which third-party app sends users to my app to perform some actions (this app interoperability is possible via Intents).
Many of the terminologies related to "Traffic Sources" seem totally meaningless and there is no possibility of connecting in AdSense.
What are smart uses of this data?
6. Visitors
Of the "Browser capabilities", "Network Properties" and "Mobile" tabs, many things are pointless as they have no influence on / relation with my mostly offline app that won't use flash anyway. Only if you drill down far enough, can you get to OS versions, which do matter a lot. I even forgot where you could check what exact Android devices visited.
What are smart uses of this data? How can you make the relevant info more prominent?
7. Other
No in-page analytics. I have to register my app as a web-url (What!?)?
Google Analytics is pretty good for basic tracking of Android app usage. If you need more mobile-app-focused analytics you may also want to look at these:
http://www.flurry.com
http://www.capptain.com
A benefit of these over Google Analytics is that they are designed to track mobile app usage, rather than web site usage, so are more specific in what they do, but to be honest there's always going to be work for you to do to define what actions within your app matter to you enough to track - that's more about the needs of the business, than the technology.
I am not convinced with google analytics for tracking our application. Because as per my requirement i would like to get the error or crash report from my launching application in market. From this error report i could see the stack trace of the crash so that i can fix my bug. But from google analytics i am not sure how to get these details, I would suggest the best crash report trackr is Acra you will get more info here http://code.google.com/p/acra/
If someone know how to get these crash report using Google analytics please share.
I've no analytics experience but after searching a while i found this page Flurry-vs-Mixpanel-vs-Google-Mobile-Analytics-who-wins-Why and i think you can find useful information and I also decided to use Flurry