I have developed one application and created the apk.Now I want to avoid the piracy of that application means if I have installed the apk on my device and if i am trying to install same apk on another device then it should not be get installed on another device. Is there any way to do it ?
well what you are looking for is personalized APK, means for each device you have to build once APK and in that you need to put logic that the APK can be installed on only one device; So to do that you can give one NUMBER in APK and after installation you can call a webservice to store that NUMBER in cloud database.
After every installation you need to do two things...
Query database using Webservice that perticular number is already store on clooud if yes then set a flag which never allow user to see the application data again...
If now found store that on server.
THis is just logic you need to think WHY YOU NEED UNIQUE APK FOR EVERY DEVICE?
If you want to do without Webservice and cloud DB you can use GetDeviceId() it returns the unique device ID, for example, the IMEI for GSM and the MEID for CDMA phones. Return null if device ID is not available.
So in your APK you need to check IF XYZ == GetDeviceId() Result then allow user to access the APPS; else write message that you are not authorise to view this.
For this you need to build APK after inquiring your USER about their DeviceID()
Related
I'm developing an application using Adobe Flash (AS3) which runs mainly on tablets.
I would like users to pay. So they have to activate their application.
To do this I thought about providing an activation Code that is built using a univoque Device Identifier (UDID)
So, the customer provides me his UDID and I return the activation code which works only on his device.
My problem is (I searched everywhere)... how can I obtain an UDID using AS3?
Or also, do you suggest a different approch to reach my goal?
Thank you very much!
Daniele
There is no single correct solution to what you are asking , It depends entirely on your needs and kind of app you are publishing.
createUID() function in mx.utils package Generates a UID (unique
identifier) based on ActionScript's pseudo-random number generator and
the current time.
But that may not help you as this ID is not machine dependent , user can simply publish his UID and your authentication key . User may need to install the app in other of his devices, user may accidentally delete the file which will delete the originally generated UID too.
A 64-bit number (as a hex string) is randomly generated when the user first sets up the device and remains constant for the lifetime of the user's device. The value may change if a factory reset is performed on the device.This is accessible using java by constant ANDROID_ID there is no library in ActionScript-3 to access this . But you can use this ane to get it.
Or You can use a sign in from facebook using this ane or google+ and use the customers unique id from there , but it would require him to give your app permissions to view some basic information.
I am new to android. I have a application to make where in i have to restrict the application's .apk file getting shared by the user to the other phone android phone holders.
Its like if i keep my .apk file in my own website then i want that the user can download the .apk from my website the cannot share the same .apk with some other person. I want to restrict the sharing of the apk to multiple phones. Everytime a user wants to install the app he/she has to install if from the play or through my website but the .apk shared cannot to installed.
Also i wanted to ask if we can distinguish whether the app is distributed and installed or installed from the play.
So can you please tell me some way out for doing this?
Thanks in advance
1) You can not stop users to forward your apk if they have apk in storage, what you can do is to delete it after your app installed(you should search it via some api and if found delete it), Limitation :- apk can be shared before installing.
and there are tools/apps exist in market which claim to convert installed app into apk, and then it can be forwarded to other device.
Similar question on Forward locking of apk
2) Though you can not stop user to forwarding of your apk, But can stop other user to use it, if they receive this app from other sources then your web, as I myself did it earlier, by client server communication where a key is getting generated on Server based on mobile IMEI, so this app is going to be activated for particular mobile based on IMEI number. hence if other users try to use it you can check if this IMEI is register or not, and take action accordingly.
Unless a user uses a USB cable/Astro file manager like utility, on a ROOTED phone, he wont be able to extract the apk out and transfer to another phone. And the percentage of users knowing how to root a device is very low. So this issue should not arise.
Even if it is assumed a user can very easily extract an apk (which a general user wont be able to), the problem whittles down to generating a unique identifier string on each apk, and then packing it within this apk. Now when it is extracted and installed on another device the app can check with identifier and close after displaying a "no-copying" message.
Note that the identifier should be tied to a unique string, say the device IMSI number, or phone number, or a combination of both. And this string needs to be written to a file that is transferred over when apk is copied, I would recommend a properties file in assets folder within the apk for this. Hope this helps
if somehow we manage to attach the app data folder with that APK.file of that app, then our problem will rectified easily. like if you send the folder of the app to someone then app will automatically loads your data to the other user. if he can't separate that two things (apk. file of APP and data folder of the APP).
Hope it will help you...and me too..
I developed an Android App and installed to three users' cellphones through Eclipse and USB connection. I don't want to put the App to google market. Now I got two problems:
How to protect the App and make it invalid in other cellphones. I know we cannot protect it 100%, I just don't want the App to be easily copied and run on other devices. What I have done was hard coding in my program to compare the AndroidID (save the AndroidID to a string and compare with current AndroidID). The problem is that if I have 100 users, I have to hard code 100 times.
How can I keep the users updated. Do I just upload the updated App to my own server and give them the link to download and install? In this case, the first problem comes out again: how to protect the App?
The first thing in my mind is that you can set a password that app requires the first time it run after installation and give that password only to enabled users
you could make the application check for the presence of some pre-determined "key" file and distribute the file separately.
For updating the app can download new apk files and use an intent to send the user to the Package Installer so that they can choose whether or not to install.
Is there a way to pass a custom argument to android market (or any other way) so my app receives the argument after it gets installed (and run for the first time).
Let me explain.
Start an intent with argument1="Hello world1" (custom argument
every
time)
Install the app from android market.
Open the app for the first time.
App shows the msg "Hello world1"
Any case will do, not just intent to android market.
Most of the time the app will be installed via Barcode scanner with a binded http schema. So a browser workaround is possible too, HTML5 Client Side Storage, (store argument to browser and get it from there the first time my app runs)
Update
A solution would be to create a cookie,or something to the browser and then access it from the application i installed. Is that possible? If so can you provide some information about that? Can browsers share data with applications?
You can publish a link like that
http://market.android.com/details?id=your.package.name&referrer=your_referrer_parameter
After user clicks this link and installs the application your broadcast receiver will receive a broadcast com.android.vending.INSTALL_REFERRER with "your_referrer_parameter" value.
More info:
http://code.google.com/mobile/analytics/docs/android/#android-market-tracking
Get referrer after installing app from Android Market
Get Android Google Analytics referrer tag
AFAIK what you're asking is not possible. The market only delivers the APK files to devices. However depending on what exactly you want to do there are probably many different work arounds.
Here are a couple thoughts:
If you want the market to deliver a custom argument that is unique for every user, then why not have your app connect to a server on the initial run and download that argument? Even if the market could provide the argument it would have to get it from you and you would presumably have to setup a server to provide the market with the argument.
If you simply want the app to know wether or not it is running for the first time you can do that using a SharedPreference. Query if a preference like hasAppRunBefore exists and if it doesn't then you know the app is running for the first time since install. Then set the hasAppRunBefore variable to some value indicating that it has run before. This implementation will allow users to uninstall the app and reinstall it and after each reinstall the app will run for the first time again.
Another option is a combination of the first two. You can have the app connect to your server and provide the server with the device's UUID then the server can check if its seen that UUID before. If it hasn't it provides the argument otherwise it doesn't.
If you truly need each APK to be different for each device you can setup a server that when a download request is received it compiles a new APK and provides a link to download that APK. That will allow you to generate a new and unique APK for each download. This will however require you to distribute the APK yourself as the Android Market doesn't currently provide this functionality.
I would go ahead and have the website that redirects to the market also push a file to the client. the file can be named something like "yourapp.info" and contain the data you need. Once your app starts, it can search the SD card (it should reside in a couple of well known directories, aka /sdcard/Downloads ) and read that file. There are no access restrictions on the sdcard.
Regarding a Cookie in the browser: I'm not sure that you could access the cookie from just any other app - (check this: blog.watchfire.com/files/advisory-android-browser.pdf - it's not possible to access the cookies) so I think that route will be closed.
I am developing an Android application, and common users have to pay for it. But, I want to offer that application for free to my webpage users. I have a login in that webpage, so I can control what users access to the application. So the question is:
If I put the .apk into the private zone of my webpage, and users access it through the mobile, Do they download the application and can distribute it, or it just get installed on the phone?
And what if they access by PC?
Is there any way to avoid the download of the file, and just install it on the phone?
I fear installing without downloading is not possible, maybe you shoud think about a second version which needs a key (e.g. created by the device ID and a secret Prefix.
User is downloading your apk
User get the message he needs to register
User send his Device ID to yor Webpage (and have to login before)
Your Website create a hashkey with the device ID and a secret password
The Application stored the key in the Preferences and will check at startup, if the stored key fit to the Device ID/password Hash.
If you let some download your apk, then it just get downloaded. Users will have to install it manually and what is worse, they won't get updates through the common android market mechanism.
if they have rooted phone then they can do anything with your apk. there is no security in android even you can get the source code of an app.
in your case the only way is to implement certificates.