How much does your app cost? There seem to be a lot of questions like this lately, but in reality I think that putting in hours of effort to defeat the tiny fraction of people who would even attempt this is mostly a waste of time, let's say you spend 100 hours coming up with a defensive strategy, and your app costs $100, if you value your time at $10/hour (conservatively) then this would roughly equate to you needing to stop at least ten people, I highly doubt that a very narrowly targeted app will have even that many people trying that hard to break it...
kris On Tue, Dec 6, 2011 at 11:29 PM, RLScott <[email protected]> wrote: > > > On Dec 6, 8:42 pm, Kristopher Micinski <[email protected]> wrote: > > On Tue, Dec 6, 2011 at 8:41 PM, Kristopher Micinski > > <[email protected]>wrote: > > > > > > > > > > > > > > > > > On Tue, Dec 6, 2011 at 8:37 PM, Anil Jagtap <[email protected]> > wrote: > > > > >> Even if the application is reverse engineered and say an cracker gets > > >> 100% of your code. Still, what is use? it is your app that is first in > > >> android market in case of android market apps. If someone makes a > > >> clone, it is still a 'clone' and you are the original. We are using > > >> Java and hence risk of code stealing would always be there for us. May > > >> developing in C may help, but again it has its own complications. > > > > >> Cheers > > > > > That's not what he's worried about, > > > > > he's worried that somebody will reverse engineer some authentication > > > policy or something and reveal something other than just the source to > the > > > app.. > > > > > kris > > > > Sorry, I thought he had specified this, > > though, that is what you're worried about, no? > > That's right. It is an expensive app for a narrow market, which is > why I am not distributing through the Google Marketplace. The > licensing scheme involves a free-trial mode when the app is first > installed. Then to unlock the paid mode, the user e-mails me the wi- > fi MAC address. I then calculate a license number that hashes into > that MAC address and send them that license number. They enter that > license number and my code checks that the license number hashes into > the MAC address. The hash is really a trap-door function that is > difficult to invert without the private key that only I have. Of > course someone could find where I am checking the hash and patch my > code to skip around it. But I am hoping that no one will find a way > to defeat my code without patching it (i.e. inverting the trap-door > function). The code that inverts the trap-door function does not > exist in the app. It only exists on my computer. > > -- > You received this message because you are subscribed to the Google > Groups "Android Developers" group. > To post to this group, send email to [email protected] > To unsubscribe from this group, send email to > [email protected] > For more options, visit this group at > http://groups.google.com/group/android-developers?hl=en > -- You received this message because you are subscribed to the Google Groups "Android Developers" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/android-developers?hl=en
