Creating APKs That Can't be Uploaded

treehousefrog

treehousefrog

Member
Licensed User
Longtime User
Hey guys,

So I'm making an app for an OEM :-D They want to have the app pre-installed on their devices which is fine, but I'd rather they didn't also uploaded the apps to the Play Store and of course I have no way to know whether they're trustworthy at this point...

So my question is whether or not there's a way I can create an APK that can't be uploaded to the Play Store. I was thinking that if I used the same key as one of the apps I already have there then that might do it... would that work? And is there another way?

Thanks a lot all, hopefully this hasn't already been asked elsewhere but I couldn't find anything.
 
Erel

Erel

B4X founder
Staff member
Licensed User
Longtime User
I was thinking that if I used the same key as one of the apps I already have there then that might do it... would that work?
Click to expand...
No. There is no problem with signing many apps with the same key. You can sign your app with the debug key. Such APKs cannot be uploaded.
Though they can rebuild the APK and sign it with their own key.

Another option is to upload a draft application with the app package name. They will not be able to upload the APK without changing the package name which is pretty difficult.
 
treehousefrog

treehousefrog

Member
Licensed User
Longtime User
Brilliant, thanks a ton that's perfect :-D I don't think these guys are particularly code-savvy, so I'll use both those methods and hopefully that will keep my work safe :)
 
yttrium

yttrium

Active Member
Licensed User
Longtime User
Instead of fiddling with debug keys, which might disrupt certain security software (they tend to scan for applications with keys like that), why not make it so that the market manifest parameters, like screen size, are all false? These fields are ignored when preinstalling, but if they manage to upload the app to Play, only clients that are eligible to install it will be shown the app in the first place - and nobody will be eligible to install it.

Alternatively, just include in your contract that you will not permit them to upload it to any distribution networks, and if they do so, it's a breach of contract. But that's the more law and trust oriented method.
 
treehousefrog

treehousefrog

Member
Licensed User
Longtime User
That's genius thank you! And yeah I was having difficulties with the debug key as I'm using the maps API. This is a smart system.

Lol I do like the idea of going the trust route, but that's the problem with the web. These guys are halfway across the world and I can't really afford a lawyer!

Thanks again for your help all :)
 
You must log in or register to reply here.
Top