I am new to android. I have a application to make where in i have to restrict the application's .apk file getting shared by the user to the other phone android phone holders.
Its like if i keep my .apk file in my own website then i want that the user can download the .apk from my website the cannot share the same .apk with some other person. I want to restrict the sharing of the apk to multiple phones. Everytime a user wants to install the app he/she has to install if from the play or through my website but the .apk shared cannot to installed.
Also i wanted to ask if we can distinguish whether the app is distributed and installed or installed from the play.
So can you please tell me some way out for doing this?
Thanks in advance
1) You can not stop users to forward your apk if they have apk in storage, what you can do is to delete it after your app installed(you should search it via some api and if found delete it), Limitation :- apk can be shared before installing.
and there are tools/apps exist in market which claim to convert installed app into apk, and then it can be forwarded to other device.
Similar question on Forward locking of apk
2) Though you can not stop user to forwarding of your apk, But can stop other user to use it, if they receive this app from other sources then your web, as I myself did it earlier, by client server communication where a key is getting generated on Server based on mobile IMEI, so this app is going to be activated for particular mobile based on IMEI number. hence if other users try to use it you can check if this IMEI is register or not, and take action accordingly.
Unless a user uses a USB cable/Astro file manager like utility, on a ROOTED phone, he wont be able to extract the apk out and transfer to another phone. And the percentage of users knowing how to root a device is very low. So this issue should not arise.
Even if it is assumed a user can very easily extract an apk (which a general user wont be able to), the problem whittles down to generating a unique identifier string on each apk, and then packing it within this apk. Now when it is extracted and installed on another device the app can check with identifier and close after displaying a "no-copying" message.
Note that the identifier should be tied to a unique string, say the device IMSI number, or phone number, or a combination of both. And this string needs to be written to a file that is transferred over when apk is copied, I would recommend a properties file in assets folder within the apk for this. Hope this helps
if somehow we manage to attach the app data folder with that APK.file of that app, then our problem will rectified easily. like if you send the folder of the app to someone then app will automatically loads your data to the other user. if he can't separate that two things (apk. file of APP and data folder of the APP).
Hope it will help you...and me too..
Related
I want to sell custom apps so I need to know how I can privately publish them over the net without giving away apk file.
Is there a way that I can give the customer a password that he/she will use to install the app only once from a website
without getting the apk file? After the installation the access to the download should be cancelled.
You cannot install apps without using an APK file, unless the target device is rooted.
Even Google Play downloads APK files for applications. They are stored in /cache/download, which can only be browsed with root access. Once downloaded, they get installed in /data/app, which also requires root access to read.
Google Play alpha/beta testing
What you could do, as a workaround, is use the Google Play alpha/beta testing feature with a private Google+ Community. This will allow you to control who is able to download your application through Google Play, but it will not prevent them from rooting their device, and retrieving the apk.
You will get all the benefits of Google Play, and your customers wont notice any difference, once they've joined the Google+ Community.
Use alpha/beta testing & stages rollouts
The only thing i can think of is have the first activity that starts up create a large random string from the device's id and then send that string to your server ( assuming you have one ). If this is the first time your server receives a code for this app, let them in and store the code, then return a response of "OK" to your app, if its not the first time, check if this is the code you stored previously, if not return "NO", if it is the right code return "OK". then have your app shut down if it doesn't receive "OK" back from your server. This of course adds extra cost and requirements to your app...
If they have to install it on their devices, they have the apk already, and there is no need to root access though, you can retrieve the apk with ES File Explorer in a second. What is your concerns, your codes? Or something else?
I have developed an android application and I want to distribute the application on tablet. This means my client will not require to download the apk as it comes with tablet.
This software is for training purpose i.e. video and other documents.
I don't want the apk to be extracted, in another words, I would like to bound the apk to run a specific device.
In summary, my aim is to deliver the apk with tablet device (and I want to avoid extraction of the apk).
Is this achievable?
If the user gains root access on the tablet, you cannot do anything to avoid this.
However without root access, if the apk comes shipped with the tablet, there is no way that someone can send it to other tablet/phones.
If you want to add further security, you can do a simple offline authentication, when the app starts.
eg
1) on first install, prompt user(who will be you, since you have to install the app before giving the tablet to an employee - right? if I understood correctly your problem) to give a user and a pass.
2) Then save credentials in phone(using preferences), and later on(step 3) match them with some hardcoded ones in your apps code.
3) Each time app starts, do a quick check of preferences credentials, and if it doesn't match, close the application.
While this isn't very good way of securing your app, you may come up with a more reliable solution. If tablets have internet access all the time, you can add a proper username/password authentication, but you have to create some sort of accounts to all of your users.
Did you know something about Signed-apk?? First of all create your account on play-store and get the keystore for your project. then create a signed-apk using keystore and password given.
I have a question on the apk distribution. We all know that we can distribute apks through bluetooth, emails etc.
Now, when I download any apk from the google play, the app gets installed and that we cannot share it by using the licensing policies.
I have my apk on a website. I want the same thing. I want fresh installs from the website also. The app should not shared with any1.
Is there any way to this? Any suggestions on how to do this?
As I said in comment, You can not stop users to forward your apk if they have them in storage, what you can do is to delete it after your app installed, but it can be shared before installing.
and there are tools/apps exist in market which claim to convert installed app into apk, and then it can be forwarded to other device.
Similar question on Forward locking of apk
Edit :- though you can not stop user to forwarding of your apk, But can stop other user to use it, if they receive this app from other sources then your web, as I myself did it earlier, by client server communication where a key is getting generated on Server based on mobile IMEI, so this app is going to be activated for particular mobile based on IMEI number. hence if other users try to use it you can check if this IMEI is register or not, and take action accordingly.
I developed an Android App and installed to three users' cellphones through Eclipse and USB connection. I don't want to put the App to google market. Now I got two problems:
How to protect the App and make it invalid in other cellphones. I know we cannot protect it 100%, I just don't want the App to be easily copied and run on other devices. What I have done was hard coding in my program to compare the AndroidID (save the AndroidID to a string and compare with current AndroidID). The problem is that if I have 100 users, I have to hard code 100 times.
How can I keep the users updated. Do I just upload the updated App to my own server and give them the link to download and install? In this case, the first problem comes out again: how to protect the App?
The first thing in my mind is that you can set a password that app requires the first time it run after installation and give that password only to enabled users
you could make the application check for the presence of some pre-determined "key" file and distribute the file separately.
For updating the app can download new apk files and use an intent to send the user to the Package Installer so that they can choose whether or not to install.
I know we can access device database thru abd tool with rooted privilege. My questions are 1. how the installed app access the database if I installed the app thru email (not thru the android market) 2. if this app is distributed by the Android market, is the db still can be installed at the /data/data/packagename/databases?
This is how I did on the question 1.
I used self-certificate-key-store to sign the app, email it to my acct., and then installed it on my phone. When I launched the app, my app still can't find the App's database which is supposed to be copied from asset to /data/data/packagename/databases.
This part was working fine in the eclipse emulator. Do I need to configure something on my phone, in order to write the database to the /data/data/... directory? This really drives me crazy...
Question 2:
If the apps distributed by the android market, can that app is able to copy the database from the asset folder to /data/data/.. Moreover, does phone users has previlege to change data to that database at /data/data/.. My apps are supposed to ask phone users to save their data to the database.
Thanks
Maybe this can help you with initializing your database from assets.
W.r.t. Q2: It does not matter which way your app came to the phone. As long as its package name and its signature public key are the same the app is treated exactly the same.
And, yes, your app can of course read and/or write to its own database(s). The common "non-root" user has no direct access to it but only via your app.