There might be a perfectly natural market answer to my question but I'll ask anyway.
I created a game and published it on Google Play in January 2012. After that it has seen a steady increase of downloads (over 50k combined, currently 200-300 a day) and I've kept updating it a lot. About two or three weeks ago I issued an update that had a weird effect on my new downloads. They almost completely stopped. I'm having a hard time believing that an update similar to what I've issued in the past has this kind of effect on user download decisions. Downloads dropped suddenly from 200-300 a day to 1-10 a day after the update.
I know I don't understand the Google Play search routines and stuff like that very well, but I still would like to know if there's a simple answer to my problem. What are the possibilities that an app upgrade will affect the visibility of the software.
BTW: My game update did not change the SDK requirements or available devices.
EDIT: I noticed a new permission has appeared in my application: "test access to protected storage" after I changed SDK target to 17. Can this affect my downloads?
From the day the app was launched till 30 days after that, your app appears in the 'Top New Free/Paid' app section in the play store (appears at almost the top in your app category). So for the first 30 days, downloads are awesome. Playstore suddenly drops it from the 'Top New Free/Paid' section and now your app will only appear in 'Top Free/Paid' section which is much more crowded and has more established apps to fight for a place.
The update surely has to affect on the downloads.
I will go so far and say that even the change in permission requirement is not responsible for the drop. One more permission request might change the mind of 10% of your potential consumers but not more than that.
Let me try and attempt an answer.
As per my understanding, Updates do not count in the number of Downloads. Simply because, the user has already downloaded them once. The Download count represents the unique number of downloads.
Unless the Update broke something or changed something drastic enough to drive away potential down-loaders, it has no effect on the number of downloads (per day) going down or going up. It may also be due to negative feed back and / or comments for your app. And although I cannot claim or give a source, I am almost certain the Update/s has nothing to do with stats going down.
Hoping any of this will help.
UPDATE
It is quite possible that the new permission is responsible. That being said, it really is a very subjective decision for the user to decide on the installation (because of the permission). Perhaps, to possibly remedy the situation, assuming the reason is the permission, you could put up a list of permissions used by the app and state the reason for using them in your app's listing. But that is the best that can be done to mitigate a further loss of users. Plus, you may perhaps see the stats getting back to normal too. Good luck. ;-)
In my case, when I changed the default language to English in the Play developer console - Control panel, the number of downloads drops from 300-400 to 1-30, it was frustrating. Before when I looked for my app by its own name it would come in the first or second option, after changing the default language dropped to the 30 position, then I thought if I switch back to the old default language maybe return to the first position, but this was more Terrible because the last change caused it to disappear from the positions. It only appeared with complicated searches that included keywords placed in the description of my app.
My app always supported 2 languages Spanish and English, by mistake when I first uploaded the app, I placed the default version in Spanish.
Typically there is no effect if you do not change the manifest sdk, feature or permission requirements.
It could be that what you see is not related to the version, but rather something else. Most likely it is because 30 days passed since launch. On the first 30 days after a new app is published, you get some boost from Google, but after 30 days, it stops.
I realize that this problem can be solved in the future by using some sort of SharedPreferences value that contains the app version and is set only on the very first run. However, I'm considering adding ads to one of my apps and I'd like to not bombard existing users with ads without offering more value to them.
I was wondering, therefore, if there is some sort of innate property that would let me detect this, or if it's too late to do it for this version as I would have needed to implement that beforehand. Unfortunately, the app is very simple and so at the moment I haven't even used any preferences. Thanks!
(I considered asking this on AndroidEnthusiasts, but I reasoned that it really is an SDK question that devs would be better able to answer)
No, you cannot detect the app version of a previously downloaded or initially downloaded APK. You can only detect the app version of the current app.
The only way I can think of for you to get around this would be to implement an update in which you have SharedPreferences, which sets something like "has_downloaded" = true. Once all the users have updated, you update, stop setting the "has_downloaded" variable, and check it instead. If it's true, it's one of your initial users, otherwise, show an ad.
This is far from a feasible solution, though, if you have a large userbase. I still have users using versions that are 2+ months old. Additionally, if they ever have to reinstall (or if they clear the app data), this data will be lost.
If your app had, previous to now, been saving data, you could check for the presence of this data, and in all future versions, save it under a different name. You still run into the reinstall issue with this method, though.
What are the best practices on updating the apk files in the Android Market ? Is it ok to publish a new version as soon as i fix a minor glitch or should i consolidate a few bugs (if those or minor) and post it in a regular interval. Just released a game and got a extremely corner case crash issue and another minor glitch so i'm not sure if i release the fix right away.
Also are there any restrictions on the number of updates per time period ?
Even if there is no best practices as such could you (android developers) share how frequently you update your APK files for minor and major issues and what's your positive and negative experiences ?
Thanks!
Once a week is pretty optimal for generating new downloads and visibility. Based on my experiences and what I have read. Also weekends and holidays seem to generate more traffic.
I usually pack more changes into one update and release once in 1-2 weeks. Don't make updates if you have no real content. That may annoy users.
Read story #1: http://blog.edward-kim.com/an-android-success-story-13000month-sales-0
Read story #2: http://makingmoneywithandroid.com/2011/05/first-month-on-the-android-market/
People's experiences: Android Market - Time to wait between two updates
Market's "just in": http://www.google.bg/support/forum/p/Android+Market/thread?tid=5b8adbb9052fc55c&hl=en
Analysis when during day is most downloads: http://nhenze.net/?p=735
Discussion about time of day: Best time/day to publish to Android Market?
Personally, I think it depends on the type of application. If you are coding a type of tool that obtains more and more functionality with each update, users probably won't mind the frequent updating. Same goes for an application that has too many major bugs.
If you're coding a game though, I think updates relating to style of gameplay should be few and far-between. Users get used to playing a certain way and could get annoyed if they have to keep adapting to what essentially is a different game every time they update. Level pack updates are of course a different story though (I think those don't come fast enough sometimes).
Remember though, even if an update goes out for an app, it doesn't mean the user will download it. I've seen too many friends with 22 updates available... < drop down clear >
As far as I know you can update as often as you like. You pretty much have to decide what the balance is between annoying your users with frequent updates vs. making them happy by getting frequent bug fixes. For a while I was updating my own apps pretty much weekly and I never had any negative responses to that.
i've got a problem with an app that i published 2 days ago.
The app still doesn't appear in the market within the new entries
(appear only with direct link)
About 1 month ago, I've uploaded a previous version of that app..with
the same name and a different package name.
It was a beta so i disabled it in the console and i uploaded a NEW app
with the same name but different package name...This can be related
with the problems mentioned before?
Anybody had similar problems?
In my experience it won't last near the top for very long at all. after 2 days you'd probably have to scroll down pretty far to find yours. I have noticed that sometimes my apps show up in the new list within a few minutes of uploading, and sometimes not for an hour or so. But I've never witnessed it happen any longer.
As for whether or not changing your package name could result in your problem. Perhaps, but I wouldn't think so. In general though you should strive to never change your package name. This will result in users having to un-install before they are able to install new versions.
Seems that is the new Google design. You don't get your app listed in the new
category (or any other) unless it's already a high-ranking app before
it's launched, or, you are one of the top-rated developers.
Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 4 years ago.
Improve this question
So we've been through this several times now, we release a game (for cheap) and someone hacks it and puts it up on a mirror. We setup Google Alerts for all our apps, so we get told daily who's doing the hacking. So far, we have implemented the licensing service as Google has suggested, our salt is randomly made each time the license is initiated with the unique device ID. We run the check service once, when the application is started for the first time. We then generate a 512 character hash for the key and the stored value that is compared against in SharedPreferences from there on out.
Now, I know that checking once is probably where the application is being blocked. Our bytecode has most likely been looked at and recompiled without the line that initiates the check.
From here, I don't want to obfuscate our code as I have seen it broken before. I want something a little more solid, and I also want to learn how to do this properly. I am more interested in learning than making money at this point since only 2% of people will ever look for a hacked version.
So far, on my own, I have come up with a random number generator that is placed in several startup areas of the game. When initiated (say, 1 out of 50 times) the license is checked. I know this would make it harder to hack because the cracker would have to eliminate each case, compile, eliminate, compile. This method however, is still crackable...so what do you guys suggest? Again, I am really interested in this process of security, so please educate, don't turn this into a discussion on obfuscation or checking periodically based on a timestamp.
Thanks
My idea isnt hacker proof, but might remove some of the interest for hacking the game.
Freemium model
1) Make the first 5-10 levels free so people can learn the game and have some fun without paying. Less will want to hack the first level and the game will spread even further by Freemium model.
Shareware/clustered levelpacks
2) Let part of the game levels or logic stay online. Eg. when reaching for level 5 or 10 or 15, then download small parts for the game, and every time submit the progress-log from the game and validate this against possible values + hashcodes. This could perhaps make it possible to automatically close down of hacked accounts.
Stealth cheater protection
3) You could also just count "small warning flags" that you place around in the game. Dont just check for the "validation" in the beginning, no build these flags into the game logic itself. Dont make it break the gameplay, because then noone will look for it.
Then when the user reached the end of level monster, check if there were any logged warning flags. These will not show up inside the game, so the unknowing user with a hacked edition could be playing for hours/days and suddently realize that he/she couldnt finish the game or advance to next level, because the game had a "bug". What the user didnt know was that this bug only occures on hacked clients.
Conclusion
Be smarter than the crackers. Fool them into thinking the job was done. Make a copyprotection and know that the more advanced crackers will be able to remove it. But they probably dont want to play 50 levels to check if the crack also works all the way.
Once they realize this problem, they might start to crack it too. But if you break the game up into level-packs, you can still validate between each pack download. So once you receive hacked client hash data, then just execute an exeception and crash the game on the client. Whoops the game crashed. Dont tell its because its hacked. A program error can happend. :-)
Again, its not hacker proof. But it might annoy them enough to move on to the next game. Lastly, you could also put out regular updates for the game and only the latest version should be able to "post the records" etc. so the active users would have to update to keep in the loop.
I have been doing some apk decompiling and hacking for a while (not warez, but mods and hacks mostly to the google apps and the android framework, always abiding xda-developers policies).
Once you learn to read smali, it is almost as reading the original java code (but with way more LOCs). So, any code you add to check for keys can be found and deleted or replaced. You don't even need to recompile each time to eliminate more than one (some searches do miracles to find similar pieces of code) and, even if compilation/recompilation cycles are needed to find them, it's just a matter of one or two minutes to decompile: everything is automated by apktool and even more by apkmanager.
Having said that, my suggestion to you is to implement some sort of online scoring table or similar, and when the user looks at the score table online, you can check the hash code you implemented and compare it with the associated gmail account. That way you can report the hack to google and send a nasty message to the user of the warez, explaining why that is illegal.
Of course, a new hack could be implemented to eliminate the scoring table, but that would reduce the interest for the warez.
Good luck.
Update
After researching to answer this question: Injecting code into APK (really about the Amazon DRM mechanism), I can tell a little bit on how Amazon is protecting the apps: it includes methods for checking for the installation validity everywhere (you can see an example of how they do it in my answer to that question). This will make any attempt to hack an app not very difficult, but extremely tedious. I believe that is a strong point: hackers won't want to spend so much time doing so many repetitive tasks: it's not challenging and it's boring. The main flaw I see in that approach is the possibility to hack the Amazon app itself to always return a valid answer, of course. But, if you mix your current hash checks with some sort of online check scattered among your methods, I believe the chances of it getting hacked may be drastically reduced.
Taken from my solution from this post Avoid apk cracked
Implement your own licensing library
I'd also refer you to check out this from Google I/O 2011 YouTube recording:
Evading Pirates and Stopping Vampires
EDIT:
The Presentation Notes from Evading Pirates and Stopping Vampires
Some basic keypoints
Modify the LVL
Implement LVL Tamper Resistance
Use obfuscation
Add reflection
I know you're not really into obfuscation, but I really need to react to this:
From here, I don't want to obfuscate
our code as I have seen it broken
before. I want something a little more solid, and I also want to learn how to do this properly.
ProGuard is very reliable in my experience, and this although I use a couple of advanced features such as AIDL and some native code which calls Java method.. It takes a little work to read the documentation and do things properly, but once you're there ProGuard is extremely reliable and also optimizes your app.
Custom security/cryptographic tricks are good, but without obfuscation it's like throwing a stone in the water in my humble opinion.
I've used ProGuard in production for many months, and it just works flawlessly.
If you're into learning, then read the ProGuard manual carefully, experiment with it, and inspect its output logs.
Chance, that there are more talented programmers then YOU (applies for all programmer), is 100%. And if that is true, you can not fix hacking. But you can spend as much time and effort on it to go bankrupt.
If you want to make some serious money you need to do some research on your target user group, and behavioral science. You need to make users playing that bring in new money, and thats it.
Besides, you got it all wrong. Hackers are most active members of your user base, thy just behave in a way you did not intend them to.
Take Zynga games on Facebook for example, do you think thy get hacked? - Sure, and about +100000 players only play, because thy can use bots, that automate everything.
Having huge active user base botnet of actual people, makes archiver type gamers want to play the game - and if thy play, and it looks cool, then Avarage Joe will also want to play. If Avarage Joe plays, then his friends might want to play, and thy probably will not care anything other, then being better then his/her friend, killing time or having something to chat about. Avarage Joe friends will most likely be willing to pay to be better then Joe, but rather thy would like to invest in something that makes them able to be better.
Besides if the real value is playing the game for free, then users who use the free hacked version, will most likely never would have payed for it. But thy are Avarage Joes and their friends just might. So this is like the cheapest commercial you can have. If you want to make money of your large userbase, then just make new versions of the game with small changes to levels and graphics.
Piracy will always be an issue. By in large crackers are better at playing this Security Though Obscurity game than developers.
What an interesting and disturbing question. :-) As an exercise, you might try releasing an app through Amazon; they have their own DRM mechanism; I wonder if it works any better than ProGuard...
One of the key elements in my opinion is to spread out the code so it's not all in one place. If you have a function called LicenseChecker.checkLicense() which retrieves the license and checks it, you can be sure it will be disabled promptly.
The one advantage you have is that the crackers cannot see the comments of your code (and, if you obfuscate, method/variable names), so come up with something weird. In the onCreate() of one activity, you get the license ID. In onResume(), you get another value to check it against. Maybe create a thread and do some checks there. And then, some other irrelevant piece of code (maybe the player control) might pick up the value and compare it and store the result somewhere. Then three other irrelevant pieces of code will all independently check that value and disable your application if it doesn't match.
Now I should say upfront that this can cause headache for yourself - obviously, cluttered, nasty code is harder to debug and prone to cause errors. Worst case, you create false positives in legitimately purchased applications.
And, of course, everything can be reverse-engineered - once the crackers find the place where the app is disabled, they trace back the value that's being read from. They could then trace back where it's being stored, and trace that back..... or, much easier, they can just disable the final check (which is why I recommended 3 different places, all triggering delayed). Security is only as good as the weakest link.
You will not be able to stop piracy. Your best bet is to delay the spreading of a pirated copy until the initial hype about your app has calmed down.
First, I do NOT consider myself a pro in the SW security field whatsoever, but:
I think an important thing is to let the application be dependent in some part(s) on the signature check. Don't let it affect immediately, but let it set some flags or change some values. later on, use those flags, check them, let the absence/incorrectness of them cause an exception of some kind which will terminate the application maybe. As long as the signature check is only relevant at the moment, it is easy to bypass it, to remove the line, once it touches more areas in the code, your application becomes harder (or less easier...) to hack. Also as I see it, not all checks should call the same routine for the sanction, because this will also make it easy to find the protection mechanism and terminate it.
Of course, the sanction to take in cases of illegal SW may vary, you might want to crash the application when used illegally, but you might as well want to keep it running, and only send message that asks the user to buy a legal copy of the application.
If this is just what you didn't want to hear, then I'm sorry for your time :)
Android users are just going to have accept the pain of constant phone-homes. The only secure Android app is an always-connected Android app.
This is, in large part, due to Google's refusal to lock-down the installation, like Apple has. On IOS you have to jailbreak the phone. On Android you can load any APK on a stock, factory install.
Keep some/most/all your content on the server; deliver it in chunks; validate the license/session on each call.
It will be incredibly hard to inhibit this kind ov behavior. Anything that is handled on the client-side is hackable using APK decompilation and modding, memory editing with software such as Game Guardian ect.
The only way I can see how partially getting around it, would be to make an online game instead. Or have certain functions handled online. Or if anti-tamper encryption like denuvo ever is available for Android / iOS.