Recently I published my new application in Android Market. This application contained Android Licence. This Licence was working perfectly fine, when I put my own apk on my phone, there is a dialog that will pop out saying I need to buy this application on the market. However, today I saw my application on some forum and when I tested it, the license was not working, I can get in to the application without buying it. Is there something I am doing wrong?
And also can you give me some tips that can help me to stop this hackers. I am thinking to have a Push Notification on my main activity which will pop out only when I have a new updates therefore people who are not registered can't get this new updates. But the real problem is I don't know how to accomplish this. If you have a better solution can you please tell me, I am planning to publish my new app soon but I am thinking to delay it for a while because of this kind of piracy that is going on. Please help me, I have been working on this new application for several months and I don't want this kind of piracy to happen again.
I don't think you can get your licensed application through the market without buying it. I'm not sure why you would want to, since you can just compile it and install it yourself with ADB.
However, I wouldn't worry too much about people pirating your software. Any good or even marginally skilled cracker is going to be able to remove any security you have anyway. In my experience (from both ends of the playing field), the game always comes down to cat and mouse, and you will end up wasting time instead of adding features, fixing bugs, etc.
Look into ProGuard.
It comes free with the Eclipse/Android stuff.
ProGuard presumably makes it more difficult for people to decompile and modify your application package to defeat the licensing check.
I do not know how well ProGuard actually is at discouraging piracy.
Related
I hope this question isn't too broad. I realize the answer to my question is "Anything, it depends on the particulars." I'm just looking for ideas here. I have a published Android app that has been in the store for years. People download it every day. Suddenly, on July 2, 2018, I start getting messages from tons of users, both new and old, saying they can't get past the startup screen, where the app does a series of checks (read-write to storage, check license, etc). I haven't changed anything in the app.
Oh, and of course it doesn't repro for me.
I asked my users for information about the device they're using, their build of Android, their physical location, and I don't see any patterns. It's all kind of devices including official Google devices, and the OS ranges from 6.0 to 8.1.0. Users are from all over the world.
Based on what users are telling me they see on the screen, it seems that the Google Play license check might be the place where things are going wrong. (However, no exceptions or error messages are shown.) Also pointing in this direction is the fact that the free apps (which have otherwise identical logic) seem to work okay.
Did Google deprecate something a licensing library starting on July 1 or something like that?
Any ideas would be greatly appreciated.
Big thanks to #MorrisonChang in the comments to my question pointing me in the right direction. I have confirmed that this was indeed a problem with the Google Play Store app, and customers who upgraded to 10.7.19 report that my apps are working properly again.
Is there any service that can be used to monitor how a beta-user engages in an android application I made?
I've looked into different analytic solutions, but they all come with the disclaimer that I should not send "unique identification information about the users" - fair enough, and I can appreciate the privacy concerns. But I need to dig that information during my beta testing.
Currently, I'm emailing the apk files to a few people to install the app and test on their phones. They give me feedback, but not all of them are good at describing exactly what they are doing. I need more detailed information - like how they opened the app (was it a fresh open, or did they relaunch it from the running app list?), what exactly they did in the app and if possible, to get some debugging information too, since some issues are unique to the specific model of phone they use.
In a nutshell, it means that I need to dig into my beta-testers devices - and they all agree to it too, so its not like I'm spying on them or some such. (At the very least, I want to record their behavior in my app with permission)
Is anything like this available? If not, are there any other approaches I can use to solve/debug issues that generate from end-user behavior? (NOTE: I'm not talking about app crashing/hanging. The app is stable - its just not working correctly)
Stuff that doesn't seem to work:
http://acra.ch/
This looks more like a crash reporting tool than a usage/monitoring tool. :(
http://try.crashlytics.com/
Similar issues to above
Paid levels of BugSense come with a feature called Bread Crumbs, which I've never used but which sound like what you need.
I'm making my first Android app, and it will be a paid (1$) app targeting API8 (Android 2.2).
Right now I see 2 options for protecting my app from sharing:
Using Android license checking : The problem is that the device must have an internet connection, and that as I've read on the net, the license caching is buggy. And, the biggest draw back is that it can be cracked anyway by an average cracker... Also, I don't want to penalise honest users by slowing down the app startup or by exiging an internet connection.
Using ProGuard, and activating the legacy anti-copy option when publishing the app : Is this unsecure to the point that even a newbie would be able to copy / share my app ?
Also, I don't wont to spend a lot of time on the security of my app, so please don't suggest solutions that are hard to implement / time consuming.
For now I'm more for the second option. Please help me decide, and tell me if I'm wrong in what I've said.
[UPDATE]
One more question : Does the Android LVL add more encryption to the APK and make it more difficult to share ? Or is it only used to check the license online ? Is it safe to not use it at all and only use Proguard and the legacy anti-copy option when uploaded ?
Thanks.
The answer is simple! Do not waste your time in adding protection...it will be cracked the minute it gets uploaded and WILL be pirated very easily!
Use proguard as your best defence for the app to obfuscate the names of classes into single-lettering scheme.
AppBrain has a fantastic new app that lets you automatically install applications on your phone using your web browser. Similar to the Chrome push. In their case, they are using it to let you install apps without a prompt directly on the phone. Engadget has a good video demonstrating their system.
http://lifehacker.com/5582169/appbrain-upgrade-installs-android-apps-instantly-from-the-web
My question is: What mechanism are they using to avoid asking for a prompt on the phone and to do the installation directly?
The reason I'm asking is that have a couple hundred android phones that run some custom software, the users have to manually update the software by clicking through the install process. And ideally I'd prefer to be able to do push updates without having to prompt people (in exchange for a free phone+service you have to run the software, so 'you shouldn't do that' doesn't invalidate the question of how do you do that). The biggest problems are that if you're doing rapid development/testing it's a pain to get everyone up to the right versions and it's hassle for people.
What AppBrian does sounds like a perfect fix to this problem, but how does it work? The only permission the AppBrain fast installer asks for is access to your accounts and network access. Now, there was the interesting development about Jon Oberheide's REMOVE_ASSET and INSTALL_ASSET which he says uses the GTalk service to imitate prompt-less installs. The interesting this is that AppBrian's FastWeb installer works on a 2.01 Droid but does not work on a 2.2 Nexus One (maybe one of the last round of Froyo updates disables AppBrain's access to the INSTALL_ASSET intent).
http://jon.oberheide.org/blog/2010/06/25/remote-kill-and-install-on-google-android/
Can anyone shed any light on this? I know auto update is coming for the Market but I'm not sure if this would be a usable workaround. I'm fine with saying 'you need to click to install this once', but having hundreds of people waste their time clicking 'ok' is a waste.
I personally think that this is something Google should support for Enterprise users in the future with the Device Administrator features. If I went with Android and could easily stage and keep people up to date with apps it wold be pretty useful.
So I think I have a reasonably good idea on how app brain is able to work its magic. I have found a couple of links you might find interesting and then you can always refer to the discussion on this other question.
Link 1: Here is a link on how the first app that was built by a researcher shows how a person with malicious intent can easily use two commands that google has put in for "our" convenience for silent install and uninstall...!!
Link 2:Here is how the exploit works and you could use it...
I have some Android market feedback for my app Hire*A*Droid where users complain that they are unable to uninstall the application. Here's two I have so far (about 10 days apart):
janelle: I uninstalled this app, but its still showing that its
installed under my downloads. What can i do ?
valerie: It's frozen I can't open or delete it.
anyone can help n tell me how..thanks
The app has nothing really special or tricky about it and I never experienced anything of the sort so I'm really lost at what this may be, how real it is and how to reproduce and deal with it? Any ideas, suggestions? If you have any questions that you think may help with this problem I'll be happy to provide more details
P.S. Worth nothing to mention - both complaints cost me a single star rating and no additional info was provided
P.P.S. After comment from PHP Jedi I noticed similar comments for other apps while browsing Android Market. I think this is quite common and it looks like Market bug. I will try to open a bug on Android Market support site
Cross-referenced to Android Market forum
I purchased a DROID a week back and was having the same problem. To uninstall an application from the DROID do the following.
Uninstalling an application from Android OS v2.1
Go to settings.
Go to Applications
Go to Manage applications.
Touch the application you wish to uninstall.
Touch uninstall.
Enjoy the fact that the application is gone.
The confusion I'm guessing your commenter's are having is when you hold your finger on an application you can drag it to a trash bin. This makes you think you are deleting the application when really you are removing it from your favorite applications list. Its very misleading.
from what i understand (i don't work on Market myself), the "Downloads" list inside Market can be out of date for up to a day, until it next gets an update from the server. the app isn't actually installed anymore, and Settings > Applications > Manage Applications will show that it is indeed gone.
i reported this as a Market bug internally last year. i've just added a link to this page from that bug, and i'll try to get someone to look at it.
(it may even already be fixed in newer versions. it would be interesting to know the most recent version you've seen it in.)
I could not say why the users complain, but I could say that your application work without problem on my HTC Magic, I don't get error when I tried to uninstall it.
Best Regards