I have a simple question as to how can we prevent the user to share an apk file from his/her device to others.Like if i put a paid application in the market and a user downloads it . If its downloaded how can i be sure that he doesn't transfer the application to other or puts it in some third party market . I need to find some security measure to do it for my application.Is there any permissions that needs to be added or any third party security .
All the answers are appreciated.
As I came across this link. How can i prevent LVL
The Google Licensing Manager is what you should use which can be found at http://developer.android.com/google/play/licensing/index.html.
This uses some code that you can put at the start of your application that uses the licensing API to check that your app is licensed. This is done by checking that the account that the user is using on their device has paid for the app via Google Wallet and that a refund has not provided. If it is found to have been paid, then you can let the app run, otherwise you can display an error to the user informing them that it is not licensed. Most apps that do this provide a button that will launch the play store at your app to let them download the legit version.
This doesn't directly stop users copying the APK or publishing it on other markets but it ensures that app cannot be used unless has been purchased by the current user on the Google account they are using.
Although there may be ways to circumvent this check but this is probably the best and most reliable way.
Hope this helps.
You can do something like verify user on your server when app launched, but you cannot force user not to share .apk by technical means. Apk can be easily copied from non-rooted device, and there's absolutely impossible to prohibit user to copy .apk from rooted device even if Google adds some copy protection in future.
Related
I have an Already paid App in Playstore. then I want to check user already paid in play store or not. If the user installs apk from other Resource(like Bluetooth, Xender.etc) how to prevent those users who not paid or not Install From Playstore.
It Totally Depends on you and your phone!
Let me Explain You Clearly:-
There is a feature in most of the Paid Third-Party Apps which is called license verification. This is how this whole process works:-
If you buy an app, at the first launch it will require an internet connection, then it will verify a license from play store which you buy at the time you buy the app. Then if the verification is successful the app will launch. But if you share an app with a user who didn’t purchased the same app and tries to open, it will say you to buy the app.
There are another methods by which you can bypass the verification. To do that you will need to root your device (which is very risky) and do some editing with that app(a little complicated).
So Indirectly Yes it can run
But the Direct Answer Is NO.!
Source - My Experience!
I am trying to understand the Android Application Licensing. I read most of the documentation on the android website about this subject, but I'm still confused.
Here is my dilema:
I create an Android app and I'm deciding whether I want to release it as a paid app or in-app billing. Now, I'm currently looking into releasing the app as paid. My understanding is that I can submit the app to android google play ( or market) as paid and specify the price of the app and that's it.
However, I see that google provides the Application Licensing service which seems to allow Google to control a list of users who purchase the app and verify that the user has indeed paid for the app. Otherwise prevent users who have illegally installed the paid app on their devices if they didn't purchased it. Please correct me if I'm wrong so far.
Now, it seems that when the application is first executed, it will use Google's application licensing to check whether the user is authenticated. What will happen if the user does not have internet connectivity? Will the app still be able to launch or will the app require internet connectivity in order to run every time?
Thank you
Andy
Of course checking the license need internet connectivity.Android is doing this using the google play services client in your device.
But the decision making on allowing user access is given to us.We can implement the Policy interface, There we get two methods, processServerResponse() and allowAccess().
processServerResponse(), lets us to preprocess the response we got from licensing server like storing the licensing information locally etc.
allowAccess() decides whether to grant the user access to the application.In this method we can decide whether to allow the user access in case of no internet connectivity.(some policy like, user can gain access 5 times without internet connection etc.)
Suppose I have a wifi network with a walled garden that prevents users from accessing Internet unless an authentication procedure is performed via browser.
Suppose I have an application on Google Play that automates this process for inexperienced people. And suppose 95% of users are inexperienced and unwilling to perform SMS-OTP authentication on a site that is not optimized for mobile.
Scenario
A person asks a clerk how to connect to internet using Android. The clerk suggests the person to download the Android app, but the person responds he has no Internet access because he has no 3G data plan.
Possible workaround
The walled garden portal detects the device running Android by user agent and says: "Would you like to download an APK from our internal network without having to go to Google Play?". The user accepts, unlocks unknown sources and installs the app.
Question
In this scenario, if a user downloads an APK of a Google Play-available application, signed with same key, on his device, will the installed application be linked to Play and subject to updates? And I mean without using a Market linker app.
That's my old answer, don't read it, just skip to the edit portion:
Short answer is no!
I'm sure there're geeky ways around to link an app to its Google Play
variant, but your scenario of non-geeky customers I reckon the best
option is to program the network to allow Android mobile access
(checking the user agent) to play.google.com (maybe even from the
redirection website auto-launch the google play link direct to said
app).
edit:
I'm thinking a bit more on this problem and I would like to change my answer to "I don't know" (what a horrible answer). But I would like to propose a test that you can do it yourself.
The reason I'm changing the answer is because I remember now apps like Titanium and they do link the app to the Play whenever restoring a backup. Of course, Titanium needs root, but that's because it's messing with other apps, not its own.
So in light of what I discusse I'll suggest you a simple test:
build an app, anything, Hello world!
Upload this app to Google Play and make it active
Wait a few hours for Google servers to make it available
Manually flash the same build version (with exact same signing key, etc) to a device.
Reboot the device (to be sure the system will read through installed applications and do communication with Google Play)
Go to Google Play on the device and check if it shows the app
It's possible that the app have the same package name and signed with the same key, the Google Play on the device itself will recognise it as the same and link it.
I have a paid app in the Play Store (Profile Widget, in case anyone is wondering ;)) and I want to allow some users (friends, or people who do not have a credit card) to download it for free.
Of course I could just send them the APK, but they wouldn't get the updates automatically, and with every update to the app I would have to send them all the APK file again. And also, by using this method, anyone that had access to the APK file would be able to install the app for free.
I saw that by using the Android Licensing Library you could make some users bypass the License Check, but I want the app to show as "Purchased" for them in the Play Store, and I don't think this would do it.
I searched Stack Overflow but none of the solutions I found (like creating a separate APK and checking for its existence from the "real" app) handled the auto-update part.
Has anyone found a good solution for this?
Thanks in advance!
You can now generate and distribute promo codes to current and new users on Google Play to drive engagement. Under the Promotions tab in the Developer Console, you can set up promo codes for your apps, games, and in-app products to distribute in your own marketing campaigns (up to 500 codes per app, per quarter). Consider using promo codes to reward loyal users and attract new customers.
Reference:
1) http://android-developers.blogspot.in/2016/01/create-promo-codes-for-your-apps-and-in.html
2) https://support.google.com/googleplay/android-developer/answer/6321495
The best solution is to have them buy the app, then refund their purchase. It would still show up as paid. Alternatively, you could give them the app, and license it via the LVL, and configure their email addresses as test accounts listing as purchased., but then they won't get updates.
I have the same problem, I've checked and from what I can see there is no analog to the Apple system (Give out a one-use code to download the app).
If you just give them the APK you don't get Crash/ANRs from them and they won't automatically get updates.
It is something that Google really do need to fix, sorry there isn't a better option.
(I have the same problem for my own device (you can't buy your own app), I had a crash that was rare in the app on my own phone, but I couldn't reproduce it at a computer and the logs had well cycled past the error by the time I did, Being able to get the crash report through the developer console would have saved me a lot of mucking around)
this is an updated and no credit card method.
You can create a free version of the same app in the play store,
but publish it in alpha release.
Then, you can create a google+ provate group of alpha testers and set it as the tester group for the alpha version.
Now add the 'free licensed' users to the alpha testing group and they have your free app.
To push updates, you will have to upload updates also to the 'free alpha', that's not gold, but I think is pretty close to the best you can get at the moment
This method has an issue. As long as licensing is per-App, you will have a different license key, and it may always return TRUE, so if the users share the apks, they may be able to let other people use the app, not totally sure about this occurrence, but you are warned, better if you are sharing the free app to trusted users.
You can set up a sale at price zero for the paid app and let your contacts know about it. Google allows up to 8 days of the sale at a time, but you can also set it up for a single day. This way, you may still get a few downloads from unintended recipients, but the 'problem' will be far more controlled than if you were to mail out APKs. Other problems like updates are also solved automatically.
You can upload in third party app stores like Amazon App Store, Aptoide , www.proapk.in to allow users to download paid Android apps for free.
For downloading the app as a developer: Google Playstore's official word on this, is that you must create a 2nd google account to download the app you are listed as developer for. That way the stats for downloads and terms are not breached. Spoke about same issue today (though its a while after the question was posted, others should see this with similar issues)
For giving it away free: Can't you just change the app to free at a given time then notify those people to hit it during a certain window?
I'm totally new to the Android Play store. I'm working on an app that is almost finished and ready to publish.
But I notice that you can copy the apk file (after purchase) to another location (sd card for example) and install it on another device. That is something I want to avoid.
My questions are:
Does the Google Play store sign the apk file with some unique id before downloading? If is true, can I read/get this code from the
apk?
Is it possible to know the email-address of the user that purchase the app or can I access some other details of the user?
Is it possible to get an unique detail of the device?
Is there another solution available to protect the copy of the apk?
I want to create a registration method that binds the device to the app, so when the user tried to copy the app, it is not possible to use it. Is this all possible?
If you have any questions, let me know.
PS: I used Adobe Flash Builder to build the app.
Your best bet is a combination of LVL (Android License Verification Library) and tracking device installations.
LVL
http://developer.android.com/guide/market/licensing/index.html
Tracking Device installations
http://android-developers.blogspot.in/2011/03/identifying-app-installations.html
To verify that the user has paid there is a Google Play Licensing service, you can use it. There are copy protection mechanisms on Google Play if you choose to use them, but they are deprecated now since you are supposed to use the service I just mentioned. You can gather some unique device details, there are APIs to do that, but this is not really needed.