On Thursday, 12 April 2012 16:26:37 UTC+1, latimerius wrote: > > I too consider not protecting the app at all a valid option. However, > ideally I would like to have something to deter the more simple-minded > cracking attacks. Anti-copying protection seems to follow the 80/20 > rule quite often - confusing and annoying the army of script kiddies > or attackers who are not very knowledgeable or motivated doesn't cost > you all that much. The rest you'll have to bow to anyway. > > And I too agree that user convenience weighs more than good > anti-copying measures. Which is why I'm considering, if I can't do > LVL under the free/paid app scheme properly, it might be better to > avoid it altogether. Because pretty much anytime you use a protection > scheme, you run a risk of annoying legitimate users - and running that > risk doesn't seem to be worth it for a protection that doesn't even > protect very much. > > Not being able to obfuscate and hide LVL code in other code is quite a > big deal here - under the particular circumstances (all of your code > and assets live in untrusted environment) obfuscation is your > front-line security measure. Without it, your security core (the LVL > check itself) becomes exposed and vulnerable. > > I'll have to think about this some more and weigh carefully pros and cons. > > 2012/4/12 Kostya Vasilyev <[email protected]>: > > I'll try to throw in a few more two cent coins :) > > > > 1) Hackers and piracy, pt1. > > > > Some people on this list have stated that they've chosen to not implement > > LVL for a paid app, and to spend that time improving the app. > > > > There is certainly nothing wrong with that decision. > > > > 2) Hackers and piracy, pt2. > > > > Not every user is going to search for a cracked copy of a paid app they > > would like to have. > > > > Some just press "Buy", even when there is a cracked version somewhere. > > > > Of those, I suspect some consciously do it to support the developer, some > > don't realize there are sites with cracked apps, some are worried about > > malware and so install from the more "official" source (Market), some do > it > > for the convenience. > > > > 3) Base app + unlocker key vs. limited free + full paid apps. > > > > There are apps in Market that use either approach, and at this point, I > > believe both ways are well understood by the users (at least the type who > > can find the Menu button on their phone... some can't...). > > > > I would look at how the users are going to transition from the free/base > app > > to the full/unlocked app with as little interruption as possible. > > > > If the app is such that the user spends a lot of time setting it up (the > > free/base version at first), I'd either: > > > > - go with the base/unlocker approach so that the data stays intact > > > > - provide a really easy, preferably automatic export / import or > transition > > capability > > > > -- K > > > > 12 апреля 2012 г. 18:35 пользователь Justin Anderson > > написал: > > > >>> In theory yes, but although I'm most definitely not too much of a > >>> cracker, I'm confident I could disable a security check that's alone > >>> in its executable in a matter of minutes. :-( > >> > >> An experienced hacker could pretty much do that no matter what you do... > >> > >> > >> Thanks, > >> Justin Anderson > >> MagouyaWare Developer > >> http://sites.google.com/site/magouyaware > >> > >> > >> On Thu, Apr 12, 2012 at 8:31 AM, Iain King wrote: > >>> > >>> > >>> > >>> On Thursday, 12 April 2012 15:27:29 UTC+1, latimerius wrote: > >>>> > >>>> On Thu, Apr 12, 2012 at 2:34 AM, b0b wrote: > >>>> > > >>>> >> Would it also be possible to initiate the LVL check from the free > >>>> >> app? > >>>> > > >>>> > > >>>> > Not possible. You cannot add the request LVL permission to a free > app. > >>>> > >>>> Hmm, that's kind of silly. Obviously, it makes no sense to LVL-check > >>>> a package that's free in the first place, however this should not > >>>> depend on the package that is asking but the package being asked > >>>> about, right? > >>>> > >>>> > The solution described by MagoutaWare works very well. > >>>> > >>>> In theory yes, but although I'm most definitely not too much of a > >>>> cracker, I'm confident I could disable a security check that's alone > >>>> in its executable in a matter of minutes. :-( > >>>> > >>>> This sounds like a borderline showstopper to me, I'll have to consider > >>>> whether it's actually even worth bothering with LVL under these > >>>> circumstances... > >>> > >>> > >>> You know, that's not a terrible idea. You can still release stuff on > >>> Play without implementing LVL, right? Or even if you can need some, > you > >>> could implement token code that does nothing. > >>> > >>> Iain > >>> > >>> -- > >>> You received this message because you are subscribed to the Google > >>> Groups "Android Developers" group. > >>> To post to this group, send email to > [email protected] > >>> To unsubscribe from this group, send email to > >>> [email protected] > >>> For more options, visit this group at > >>> http://groups.google.com/group/android-developers?hl=en > >> > >> > >> -- > >> You received this message because you are subscribed to the Google > >> Groups "Android Developers" group. > >> To post to this group, send email to > [email protected] > >> To unsubscribe from this group, send email to > >> [email protected] > >> For more options, visit this group at > >> http://groups.google.com/group/android-developers?hl=en > > > > > > -- > > You received this message because you are subscribed to the Google > > Groups "Android Developers" group. > > To post to this group, send email to [email protected] > > To unsubscribe from this group, send email to > > [email protected] > > For more options, visit this group at > > http://groups.google.com/group/android-developers?hl=en >
You've pretty much summed up what I was thinking. Iain -- You received this message because you are subscribed to the Google Groups "Android Developers" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/android-developers?hl=en
