I am no security expert and have not thought this out all the way, but could a workable solution to the pirating problem be something like this:
1. The market clients (like Google Market, AndAppStore, SlideME) could record on their servers some kind of identifier about who bought the app and perhaps what Android device it was bought for. They already capture the who information. 2. Android apps that care can, on first launch, ask the user about their identifier and what service they bought the app from. 3. The app, or the servers that support the app, can query, via http, the market client service to ask did so-and-so get this app from you? 4. If an affirmative response can be had then the app is not pirated. Otherwise the app is pirated Google Market, AndAppStore, SlideME, etc… will need to make such a service available, via http. It would be straight-forward to generate a list of installed market clients for the user to select from. The market clients may even be able to supply the user identification so user does not need to enter it. The application could retrieve from its servers the list of market clients is believes are legitimate in order to prevent the bogus clients from spoofing it. If you installed an app w/out a market client and the app did not intend for such an installation to happen, like on rooted phones using adb, then the app is pirated. And finally, could this process be invisible to the user and just involve communication between the app and installed market clients and the market clients servers and the apps servers? --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Android Developers" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/android-developers?hl=en -~----------~----~----~----~------~----~------~--~---
