Adopting AndAppStore's version as a standard would be ideal. Only one set of code to modify. I wonder if they are willing to share with other stores?

On Wed, Oct 14, 2009 at 1:35 PM, Robert Woodruff <[email protected]> wrote:

> It's not bulletproof, but it is thicker plating. Apparently the AndAppStore
> people have already implemented something similar. I feel like it is a step
> in the right direction and hope others like Google Market and SlideMe will do
> something similar!
>
> Perhaps they can even adopt the AndAppStore version as a standard.
>
> On Wed, Oct 14, 2009 at 1:54 PM, Dan Sherman <[email protected]> wrote:
>
>> Unfortunately has a few problems:
>>
>> 1) The user has to have an internet connection on first load of the app.
>>
>> 2) If it's via HTTP or some other well documented protocol, could easily
>> have a hosts entry re-point where to ask for confirmation to a server that
>> just responds "OK". This could be overcome possibly with a pub/priv key
>> system of signing.
>>
>> 3) Should still be possible to get a copy of the apk, and remove the code
>> block for that check I imagine...
>>
>> You're going to have a problem with piracy no matter what you do. Look at
>> _every_ platform, and every form of copy protection, they all have piracy.
>> The only exception to this that I can see is hosted services (like World of
>> Warcraft, and websites), where all of the user data is stored some place
>> that you have control over, and can check for validity on your side, with
>> known-good code at run-time. Any time you put code/logic on a client side,
>> it can be subverted one way or another...
>>
>> - Dan
>>
>> On Wed, Oct 14, 2009 at 1:38 PM, WoodManEXP <[email protected]> wrote:
>>
>>> I am no security expert and have not thought this out all the way, but
>>> could a workable solution to the pirating problem be something like
>>> this:
>>>
>>> 1. The market clients (like Google Market, AndAppStore, SlideME) could
>>> record on their servers some kind of identifier about who bought the
>>> app and perhaps what Android device it was bought for. They already
>>> capture the who information.
>>>
>>> 2. Android apps that care can, on first launch, ask the user about
>>> their identifier and what service they bought the app from.
>>>
>>> 3. The app, or the servers that support the app, can query, via http,
>>> the market client service to ask did so-and-so get this app from you?
>>>
>>> 4. If an affirmative response can be had then the app is not pirated.
>>> Otherwise the app is pirated.
>>>
>>> Google Market, AndAppStore, SlideME, etc… will need to make such a
>>> service available, via http.
>>>
>>> It would be straight-forward to generate a list of installed market
>>> clients for the user to select from. The market clients may even be
>>> able to supply the user identification so user does not need to enter
>>> it.
>>>
>>> The application could retrieve from its servers the list of market
>>> clients it believes are legitimate in order to prevent the bogus
>>> clients from spoofing it.
>>>
>>> If you installed an app w/out a market client and the app did not
>>> intend for such an installation to happen, like on rooted phones using
>>> adb, then the app is pirated.
>>>
>>> And finally, could this process be invisible to the user and just
>>> involve communication between the app and installed market clients and
>>> the market clients servers and the apps servers?

--
Writing code is one of few things that teaches me I don't know everything.
http://www.fuligin.com
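
The "pub/priv key system of signing" raised in the quoted reply, sketched as an added example (not code from any poster or store): the store signs its verdict together with a nonce chosen by the app, and the app verifies it with a public key it ships with. The response layout, class and method names, and sample ids are assumptions; it is plain Java, and on Android `android.util.Base64` would stand in for `java.util.Base64`.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.util.Base64;

public class SignedLicenseCheck {
    // Store side (hypothetical): signs "appId|userId|nonce|verdict" with its private key.
    static String storeRespond(PrivateKey storeKey, String appId, String userId,
                               String nonce, boolean purchased) throws GeneralSecurityException {
        String body = appId + "|" + userId + "|" + nonce + "|" + (purchased ? "OK" : "DENIED");
        Signature s = Signature.getInstance("SHA256withRSA");
        s.initSign(storeKey);
        s.update(body.getBytes(StandardCharsets.UTF_8));
        return body + "|" + Base64.getEncoder().encodeToString(s.sign());
    }

    // App side: accept only a reply signed by the store key shipped in the app
    // and bound to this app, this user and the nonce sent with this request.
    static boolean appAccepts(PublicKey storePub, String appId, String userId,
                              String nonce, String response) {
        try {
            int cut = response.lastIndexOf('|');
            if (cut < 0) return false;                 // unsigned reply such as "OK"
            String body = response.substring(0, cut);
            byte[] sig = Base64.getDecoder().decode(response.substring(cut + 1));
            Signature v = Signature.getInstance("SHA256withRSA");
            v.initVerify(storePub);
            v.update(body.getBytes(StandardCharsets.UTF_8));
            return v.verify(sig) && body.equals(appId + "|" + userId + "|" + nonce + "|OK");
        } catch (GeneralSecurityException | IllegalArgumentException e) {
            return false;                              // malformed signature or Base64
        }
    }

    static String freshNonce() {
        byte[] n = new byte[16];
        new SecureRandom().nextBytes(n);
        return Base64.getEncoder().encodeToString(n);
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator g = KeyPairGenerator.getInstance("RSA");
        g.initialize(2048);
        KeyPair store = g.generateKeyPair();           // constructed demo key pair
        String app = "com.example.game", user = "user-123"; // constructed sample values
        String nonce = freshNonce();
        String good = storeRespond(store.getPrivate(), app, user, nonce, true);
        PublicKey pub = store.getPublic();
        System.out.println("genuine store reply:  " + appAccepts(pub, app, user, nonce, good));
        System.out.println("redirected host 'OK': " + appAccepts(pub, app, user, nonce, "OK"));
        System.out.println("old reply, new nonce: " + appAccepts(pub, app, user, freshNonce(), good));
    }
}
```

This addresses only the second problem in the quoted list; the check still runs on the client, so the first and third problems stand as stated there.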

