Closed. This question is off-topic. It is not currently accepting answers.
Want to improve this question? Update the question so it's on-topic for Stack Overflow.
Closed 10 years ago.
Improve this question
Looking at some postings at stackoverflow, as of writing, there seems to be really no way to effectively prevent app piracy.
is anyone here actually losing money from app piracy?
what's your current solution (free or non-free) against app crackers?
what are some of the popular & reliable solutions for protecting enterprise level apps?
Use the LVL (License Verification Library) provided via Google, its a server side verification that the user actually bought your app.
http://developer.android.com/guide/market/licensing/index.html
Use other techniques to detect if you application has been tampered with, there are a few and they are covered in this blog post and the I/O video. Assume it was pirated if tampered with. (Double extra check to make sure you don't mess this up and annoy real users)
http://android-developers.blogspot.com/2010/09/securing-android-lvl-applications.html
http://www.youtube.com/watch?v=TnSNCXR9fbY
Use AntiLVL against your own application, attack it like a cracker! This is actually really fun and educational, see how much work it takes to crack your app. The blog/tool go over the known weaknesses and you can make some educated decisions about how to stop the automated tools from working. Stopping dedicated pirates is no ones priority, but stopping people from using a 1-click tool is easily obtainable.
http://androidcracking.blogspot.com/
EDIT 1:
Make a free version with ads and/or less features. Crackers just want free stuff, so make it easy on them :) If you detect they are using a cracked version of your paid app you can try and convert them to using the free version or upsell them to the paid version. Currently about 1/4 of the people cracking one of my apps will open the Google Play for the full paid version (although less actually buy it)
This google IO 2011 video should be your bible: Evading Pirates and Stopping Vampires using License Verification Library, In-App Billing, and App Engine
It talks about many things you can do to defend yourself.
Related
Closed. This question is opinion-based. It is not currently accepting answers.
Want to improve this question? Update the question so it can be answered with facts and citations by editing this post.
Closed 4 years ago.
Improve this question
I've been familiar with the idea since a long time that Apks are easily modifiable. Doing a simple google search shows tons of resources to do it personally or there are handful of websites that provides modified Apks already.
So what are we exactly talking about here! The fact that anyone can easily download a modified version of SnapChat that would no longer send the notification when the person screenshots the story. Or the fact that Pro version of Spotify can be downloaded with a single click giving access to full library of Spotify. Or the fact that any game available has a modified Apks version that would give unlimited coins or whatever virtual currency is used. This seems to me a very alarming situation but for reasons has been the same since years and no one talk about it(and seriously no one talk about it, doing a google search only points out to link telling how to modify Apks easily).
I just don't get why this has been the same for so many year. Every year there is a yet another version of android with "minor" UI improvements, but this problem is not addressed at all.
One last thing I would like to call out is that, on the other side of spectrum there are platforms like IOS and Windows, where this doesn't seems to be a problem. The way Windows 10 packing system works is similar to android, an Appx can be distributed from or without the Microsoft Store, but there are no modified Appx available or atleast one I know of!
"Or the fact that any game available has a modified Apks version that would give unlimited coins or whatever virtual currency is used" - that is why you track in game currency (and all important data for that matter) on the server.
"Or the fact that Pro version of Spotify can be downloaded with a single click giving access to full library of Spotify" - proper way of handling this is to associate the "Pro" with the account and only grant access to some features to those accounts having the "Pro" flag. Once again this is handled on the server. Even a modified client cannot access "Pro" features if the server blocks access.
iOS has modified ipa files as well. The "problem" is that if they are modified they are no longer signed and cannot be installed as easily - only with a jailbroken device where you skip the signing verification.
"This seems to me a very alarming situation" - no. The client can never be trusted, you always have to write proper server code for anything that you really want to validate. Same way you dont do the password verification in javascript on the client but on the server.
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
This question does not appear to be about programming within the scope defined in the help center.
Closed 6 years ago.
Improve this question
I am preparing myself to submit my first app to the Google Play Store, and have the following questions regarding the process, which might have been covered or not covered before, so I apologize if there are any duplicates beforehand, because I could not understand some of them.
In submission of an app to the Play Store, what is the expected time duration which it will get accepted or rejected?
Because I do not live in an area where Google Payments is accessible, what are the payment schemes that I can get for my app?
Is it possible to submit a complete rewrite of the same app as an update at a later date? If so, is there a specific method (e.g. signing schemes)
Thank you in advance.
From my experiences to avoid rejection or suspension do not put copyright protected contents on your apps and store listing.
Do not make apps that having harmful behavior.
If you collect user data make sure you have a well documented privacy policy.
Try to avoid spam words for your app name (like flappy,candy crush, clash of clans etc.. Avoid these words)
Avoid putting ads against their policy
Be clear with the UI. Don't confuse user with UI elements that leads to any kind of promotional contents without proper description.
App approval time may vary according to their job loads and types of app you are submitting, Apps now go through both machine and human verification, usually games get faster approval than apps. Average time I feel is around 4 - 5 hours for initial launch, updates get faster approval.
They give enough time to repair the problems.
App Rejections are easier to get through but App suspension are difficult.
It is hard to win a dispute with Google :)
Especially if you get a copyright issues you can't even pass machine verification and can't argue with algorithms ;)
Now it's much more easier because they have human verification too. They point out most of the problems. Before that it was a total mess. They reply with some pre generated generic replys
Good luck with your venture.
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
This question does not appear to be about programming within the scope defined in the help center.
Closed 8 years ago.
Improve this question
I'm looking into monetizing my first app with a free and a paid version. It seems that the simplest approach would be to use an in-app purchase to unlock extra features. However, I'd also like the customer to have the option to purchase the full version outright on the Play Store (more visibility that way). I could publish a "pro key" app as an upgrade key, but then they'd have to install 2 packages and it seems like a hassle. On the other hand, I don't want to have to support two independently complete packages (one free, one paid).
So I'm not sure what approach to take. I want to let users upgrade from within the app because that would be simplest, but I also want a the customer to be able to buy and install the paid version straight from the store. Thoughts?
I see three solutions.
Add In-app purchase
Add new app "Your app name pro unlocker"
Add new pro version of you app
I think that the first one is the most reliable and easy to achieve. It is harder to crack by pirates too. Pirates can upload your app to their sited but when user will download it he will get normal free version. Of course anything can be hacked ;-) but... it is better than 3rd option (see below).
Second one - in you main app you need to check if "pro unlocker" is installed, maybe you will need to check if certificates are the same and run, custom implemented, android service in this to check if use is allowed to use pro version. It is quite ok and beacuse you will use a quite lot of custom coding it should be safe.
Third - using Grandle you can simply create second version of your app, during building Grandle will create pro/free version automatically. However pro versions which are using Google Licensing are easy to crack by pirates so...
To sum up - you have 3 three solutions. I think that the first one is good enough and it is not requiring too much code or time for maintaining. I hope that this will help you ;-)
Cheers
No. Free and paid apps are handled completely differently on the market.
Closed. This question is off-topic. It is not currently accepting answers.
Want to improve this question? Update the question so it's on-topic for Stack Overflow.
Closed 12 years ago.
Improve this question
I'm finding a great many people buy my Android app in the google market and immediately return it for a refund. That works fine with physical goods, but for virtual goods, they have now acquired the app for free!
Has anyone else noticed this fatal flaw in the Google Android market for apps? What other markets are there without this problem?
Peter
Yes you are correct. As per Android Market policies if an user uninstalls the application that he has bought with 24 hrs he is eligible for a full refund. I think this policy might be for the benefit of end users. The user is given access to the app only after he pays for it and unlike physical goods he wont be able to examine it before. He may like or dislike it once he starts using it. But in this case he needs to first uninstall the application so that he can ask for refund.
http://market.android.com/support/bin/answer.py?hl=en&answer=134336
I am sure that not all users will take this approach and as a developer i wont be interested in asking money for my application that an user is not happy of.
You're right, but it isn't a market flaw. I really like this feature 'cause I wouldn't like to buy an app and then discover it's totally useless.
If you're experiencing a lot of users buying and then returning your app, you should probably search for the reason of such a behavior. Probably they don't like your app. If I'm right you might get some feedback at uninstall time why the user did such a step. Analyze this feedback to improve your app!
One special feature of my app is that it delivers the source code to the SD card, on first being run. There is no way to recall that on uninstall. I can probably address most of the situation by not writing the source until 24 hours have passed. (Yes, yes, and checking for the clock being moved forward, if I want to inhibit all the cheaters).
I'm going to withdraw my app from the market, until I can implement this protection. – Peter vdL
Closed. This question is off-topic. It is not currently accepting answers.
Want to improve this question? Update the question so it's on-topic for Stack Overflow.
Closed 9 years ago.
Improve this question
Edit: I voted to close this question as it is off-topic. I asked it when I didn't know any better.
What's your experience distributing Android apps outside of the Android Market?
Which alternative markets an Android developer should consider? Any success/horror stories?
SlideME is worth taking a look at. My app is available on both Google's Market and SlideME. I also provide a plain download link to an APK file for people not interested in "markets".
There also are:
AppsLib http://appslib.com/ (Archos)
AndAppStore http://andappstore.com
Insyde Market http://www.insydemarket.com/
Camangi Market http://www.camangimarket.com
FileDir http://filedir.com (All apps in one place)
And probably some other..
Zedge will promote your app in Zedge Discovery Network. Registering here before the public release might give your app some buzz.
Other popular promotion and app sites: androlib.com, appbrain.com, androidpit.com and getjar.com
I have used AndAppStore and got between 1K-10K downloads for some apps. However, all those apps got much more downloads from the Android Market. I have yet to know an alternate market that produces more downloads than the official one.
AppsLib is interesting because it targets the unofficial Android tablet Archos 5 IT.
I have had decent success on a few of the alternate markets, but the total downloads of all of the alternate markets that I have seen are somewhere around 10% of the downloads on the main market. That doesn't mean that these people can't download from the main market, I just think that people like choices. I think the majority of my SlideMe purchases are from the USA, which surprised me.
I personally think that 10% is worth a little time. I also have faith that I'll eventually make the $100 minimum of SlideMe, but it could be a while.
Then Amazon came out with their app market and that is a game-changer.
Start with these:
Amazon
SlideMe.net
GetJar.net
There are DOZENS of others that I've checked out, and am in the process of blogging about. Start with the three above, however.
In my experience as of March 2013 I have found the following app stores most useful for distribution in terms of maximum downloads:
Samsung
Google Play
SlideMe
I also tried out InMobi App Publish today and did a small review here, it promises to distribute you app to 130+ store globally.
I have found Amazon, GetJar, CNet not to perform so well.