We could ask AndAppStore if they are willing to share. So Al, is what you guys are doing with the app security something that could be shared with Google and other app services? (I will study your security API soon and hopefully be able to accommodate it in our apps!)
I ask because your ideas seem spot on and more advanced than what Google is providing. In fact, if Google does not do something similar to beef up its security along the lines of what you guys are doing them it will be time to quit trying to distribute through the Google Market. Because as the Google Market stands right now it means developers are signing up to give apps away. That's no way to monetize. As Wayne says it would be nice to have a standard to ease the burden on developers. On Wed, Oct 14, 2009 at 5:19 PM, Wayne Wenthin <[email protected]> wrote: > Adopting AndAppStore's version as a standard would be Ideal. Only one set > of code to modify. > I wonder if they are willing to share with other stores? > > > On Wed, Oct 14, 2009 at 1:35 PM, Robert Woodruff <[email protected]>wrote: > >> Its not bullet proof, but it is thicker plating. Apparently the >> AndAppStore people have already implemented something similar. I feel like >> it is a step in the right direction and hope other like Goolge Market and >> SlideMe will do somethng similar! >> >> Perhaps they can even adopt the AndAppStore version as a standard. >> >> >> On Wed, Oct 14, 2009 at 1:54 PM, Dan Sherman <[email protected]> wrote: >> >>> Unfortunately has a few problems: >>> >>> 1) The user has to have an internet connection on first load of the app. >>> >>> 2) If its via HTTP or some other well documented protocol, could easily >>> have a hosts entry re-point where to ask for confirmation to a server that >>> just responds "OK". This could be overcome possibly with a pub/priv key >>> system of signing. >>> >>> 3) Should still be possible to get a copy of the apk, and remove the code >>> block for that check I imagine... >>> >>> You're going to have a problem with piracy no matter what you do. Look >>> at _every_ platform, and every form of copy protection, they all have >>> piracy. The only exception to this that I can see is hosted services (like >>> World of Warcraft, and websites), where all of the user data is stored some >>> place that you have control over, and can check for validity on your side, >>> with known-good code at run-time. Any time you put code/logic on a client >>> side, it can be subverted one way or another... >>> >>> - Dan >>> >>> On Wed, Oct 14, 2009 at 1:38 PM, WoodManEXP <[email protected]>wrote: >>> >>>> >>>> I am no security expert and have not thought this out all the way, but >>>> could a workable solution to the pirating problem be something like >>>> this: >>>> >>>> >>>> 1. The market clients (like Google Market, AndAppStore, SlideME) could >>>> record on their servers some kind of identifier about who bought the >>>> app and perhaps what Android device it was bought for. They already >>>> capture the who information. >>>> >>>> 2. Android apps that care can, on first launch, ask the user about >>>> their identifier and what service they bought the app from. >>>> >>>> 3. The app, or the servers that support the app, can query, via http, >>>> the market client service to ask did so-and-so get this app from you? >>>> >>>> 4. If an affirmative response can be had then the app is not pirated. >>>> Otherwise the app is pirated >>>> >>>> Google Market, AndAppStore, SlideME, etc… will need to make such a >>>> service available, via http. >>>> >>>> It would be straight-forward to generate a list of installed market >>>> clients for the user to select from. The market clients may even be >>>> able to supply the user identification so user does not need to enter >>>> it. >>>> >>>> The application could retrieve from its servers the list of market >>>> clients is believes are legitimate in order to prevent the bogus >>>> clients from spoofing it. >>>> >>>> If you installed an app w/out a market client and the app did not >>>> intend for such an installation to happen, like on rooted phones using >>>> adb, then the app is pirated. >>>> >>>> And finally, could this process be invisible to the user and just >>>> involve communication between the app and installed market clients and >>>> the market clients servers and the apps servers? >>>> >>>> >>>> >>> >>> >>> >> >> >> > > > -- > Writing code is one of few things > that teaches me I don't know everything. > > http://www.fuligin.com > > > > --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Android Developers" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/android-developers?hl=en -~----------~----~----~----~------~----~------~--~---
