Android Question Software Anti-Piracy

RichardN

Well-Known Member
Licensed User
Longtime User
We all know that piracy exists in any commercial software environment. It does however p!$$ me off that even Google with their 2-hour refund policy still give down-loaders enough time to 'backup' their .apk's before deleting the app and requesting their money back. Hell..... Google even carry a selection of apps on the Play store that will do the job for you!

I have an app which has a free version as incentive to purchase of the full version but nonetheless I am getting a small but significant number of cancellations within minutes of purchase, even though the customer already knows what they are getting from the free version.

At the moment this is not yet a problem for me in terms of revenue loss but the number is significant and increasing. The problem I have is that my apps will be used in an environment where internet availability is less than a few percent..... maybe just a few minutes each day.

I understand the licensing library is not dependent on 100% internet uptime so will it be suitable for my purposes?

Reading around the subject it appears that in API X+ the apk is encrypted by Google so therefore licensing is not required..... have I got that right ???
 
Last edited:

LucaMs

Expert
Licensed User
Longtime User
The policy of reimbursement under me is right (and note that I find many unjust things from Google, Apple and others). An app could promise something but do not do it or do not do it well or contain a virus. ("but do not do it or do not do" ? Is it a tongue twister? :D)

Moreover, any hacker willingly spends a few dollars if then he is able to earn much more.

I think the only way is to check the app via a connection to our server; this would also enable us to verify the actual number of installations (I do not trust everyone, then even Google).


[EDIT] perhaps it would be enough to make sure that the app sends us an email automatically.
 
Last edited:
Upvote 0

Informatix

Expert
Licensed User
Longtime User
I think the only way is to check the app via a connection to our server; this would also enable us to verify the actual number of installations (I do not trust everyone, then even Google).
A hacker would remove this check from your code. And if the app has to download data on the server to be usable, then the cracked app would use a local copy of these data stolen with a valid ID.
 
Upvote 0

RichardN

Well-Known Member
Licensed User
Longtime User
I accept there is no such thing as 100% security and a good Android hacker can spoof keys/data to get an installable apk.

However the problem is with the 'above-average' capability user who knows how to backup an installed apk, get his money back and then reinstall the app...... This is this guy we have to make life difficult for.

My question is.... Is the Licensing Library still the most effective solution for an app that has very little internet connection time? Has this library been superceeded by any encryption capability of later Android versions/SDKs?
 
Upvote 0

LucaMs

Expert
Licensed User
Longtime User
A hacker would remove this check from your code. And if the app has to download data on the server to be usable, then the cracked app would use a local copy of these data stolen with a valid ID.

I meant "check" in the broadest sense.

I vaguely remember what you can do in the Windows world with tools like the disassemblers (jump and similar commands).

I meant to invent a method for online testing.

However, considering that even Microsoft can not protect their own software, there's nothing else to say (and do, unfortunately)
 
Upvote 0

TomA

Active Member
Licensed User
Longtime User
Just to add to this discussion:
I have had shareware/trialware offered since 1996. I went to a lot of effort to combat piracy. One approach I used was to add code to a program to perodically "phone home" with registration information. Then I spent a lot of time checking on the various piracy sites (or warez sites as they are often called) - with a little effort, they are not hard to find - looking for pirated copies of my software and the registration info these were using. The "phone home" routine was buried deep in the program so would not be obvious to a hacker since the program (CyberSpyder Link Test) made extensive use of the internet - the call home would not be obvious. My home site contained a file of the known pirated registration info. The call home would compare the programs registration info with the known pirated info - on a match the pirated program was returned to "trial status". A hacked version that tried to bypass the normal registration check would end up calling home with a different code since the registration process also invoked some non-obvious other code changes.

What I discovered was that, in spite of a lot of pirated copies being available, very few were actually ever used so I became convinced that trying to trap these was not really worth the effort. I also realized that anyone who would actually use pirated software was unlikely to be a buyer anyway - they might play with a program a bit if they got it for free, but would not be a really serious ongoing user. I suspect the same is true of most users of pirated software. In many cases, the number of pirated programs is some kind of status symbol ("I have 3,579 programs/apps, how many do you have?") and the programs are not really being used.

Yes, there are a lot of pirated apps out there (check http://thepiratebay.se/ and do a search for "android apps games" - it comes up with lot) but I don't think it is worth an extreme effort to try to prevent this because you will not likely succeed. Make reasonable efforts to ensure your apps are licensed but don't waste a lot of time trying for something that is totally foolproof - it is a basically a wasted effort and not worth the time.
 
Upvote 0
Top