It's not bulletproof, but it is thicker plating. Apparently the AndAppStore people have already implemented something similar. I feel like it is a step in the right direction and hope others like Google Market and SlideME will do something similar!
Perhaps they can even adopt the AndAppStore version as a standard.

On Wed, Oct 14, 2009 at 1:54 PM, Dan Sherman <[email protected]> wrote:
> Unfortunately has a few problems:
>
> 1) The user has to have an internet connection on first load of the app.
>
> 2) If it's via HTTP or some other well documented protocol, could easily have a hosts entry re-point where to ask for confirmation to a server that just responds "OK". This could be overcome possibly with a pub/priv key system of signing.
>
> 3) Should still be possible to get a copy of the apk, and remove the code block for that check I imagine...
>
> You're going to have a problem with piracy no matter what you do. Look at _every_ platform, and every form of copy protection, they all have piracy. The only exception to this that I can see is hosted services (like World of Warcraft, and websites), where all of the user data is stored some place that you have control over, and can check for validity on your side, with known-good code at run-time. Any time you put code/logic on a client side, it can be subverted one way or another...
>
> - Dan
>
> On Wed, Oct 14, 2009 at 1:38 PM, WoodManEXP <[email protected]> wrote:
>
>> I am no security expert and have not thought this out all the way, but could a workable solution to the pirating problem be something like this:
>>
>> 1. The market clients (like Google Market, AndAppStore, SlideME) could record on their servers some kind of identifier about who bought the app and perhaps what Android device it was bought for. They already capture the who information.
>>
>> 2. Android apps that care can, on first launch, ask the user about their identifier and what service they bought the app from.
>>
>> 3. The app, or the servers that support the app, can query, via http, the market client service to ask did so-and-so get this app from you?
>>
>> 4. If an affirmative response can be had then the app is not pirated. Otherwise the app is pirated.
>>
>> Google Market, AndAppStore, SlideME, etc… will need to make such a service available, via http.
>>
>> It would be straight-forward to generate a list of installed market clients for the user to select from. The market clients may even be able to supply the user identification so user does not need to enter it.
>>
>> The application could retrieve from its servers the list of market clients it believes are legitimate in order to prevent the bogus clients from spoofing it.
>>
>> If you installed an app w/out a market client and the app did not intend for such an installation to happen, like on rooted phones using adb, then the app is pirated.
>>
>> And finally, could this process be invisible to the user and just involve communication between the app and installed market clients and the market clients servers and the apps servers?
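
The signing idea from point 2 of Dan's reply, as an added example that is not part of the original thread and is not AndAppStore's or any market's actual scheme: the market signs its answer over the package, the user and a nonce the app chose, and the app checks that signature against a market public key shipped inside the app. The class name, the payload layout and all sample values are assumptions made for illustration.

```java
import java.math.BigInteger;
import java.nio.charset.StandardCharsets;
import java.security.*;

public class SignedLicenseCheck {
    // Bytes the market signs. Field order and the '\n' separator are assumptions;
    // fields must not contain '\n' themselves.
    static byte[] payload(String status, String pkg, String user, String nonce) {
        return String.join("\n", status, pkg, user, nonce).getBytes(StandardCharsets.UTF_8);
    }

    // Market server: the only holder of the private key.
    static byte[] sign(PrivateKey key, String status, String pkg, String user, String nonce)
            throws GeneralSecurityException {
        Signature s = Signature.getInstance("SHA256withRSA");
        s.initSign(key);
        s.update(payload(status, pkg, user, nonce));
        return s.sign();
    }

    // App: accept only "OK" signed by the pinned market key over this package,
    // this user and the nonce the app generated for this request.
    static boolean licensed(PublicKey pinned, String status, byte[] sig,
                            String pkg, String user, String nonce) {
        try {
            Signature v = Signature.getInstance("SHA256withRSA");
            v.initVerify(pinned);
            v.update(payload(status, pkg, user, nonce));
            return v.verify(sig) && "OK".equals(status);
        } catch (GeneralSecurityException e) {
            return false; // malformed signature or key: treat as unlicensed
        }
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        KeyPair market = gen.generateKeyPair(); // constructed stand-in for the market's key
        KeyPair spoof = gen.generateKeyPair();  // key of a server reached via a re-pointed hosts entry
        SecureRandom rnd = new SecureRandom();
        String pkg = "com.example.app", user = "user-1234"; // constructed sample values
        String nonce = new BigInteger(128, rnd).toString(16);
        String laterNonce = new BigInteger(128, rnd).toString(16);
        byte[] good = sign(market.getPrivate(), "OK", pkg, user, nonce);
        byte[] fake = sign(spoof.getPrivate(), "OK", pkg, user, nonce);
        PublicKey pinned = market.getPublic();
        System.out.println("genuine response:  " + licensed(pinned, "OK", good, pkg, user, nonce));
        System.out.println("spoofed server:    " + licensed(pinned, "OK", fake, pkg, user, nonce));
        System.out.println("unsigned OK:       " + licensed(pinned, "OK", new byte[0], pkg, user, nonce));
        System.out.println("replayed response: " + licensed(pinned, "OK", good, pkg, user, laterNonce));
    }
}
```

This only covers the re-pointed server in point 2; as point 3 says, the check itself can still be removed from a modified apk.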

