How do you get hold of the user's Google account from your app?


On Nov 17, 10:03 pm, Streets Of Boston <[email protected]>
wrote:
> What would happen if someone gets a new android phone? The app's
> authentication will fail.
>
> You should hash/key on the user's google-account, the same key that is
> used by Android Market (you can download paid apps as often as you
> want - once you paid for them - based on your google-account)
>
> On Nov 15, 2:32 am, android kracker <[email protected]> wrote:
>
> > Using the unique ID (hash) of the phone, register it with your web
> > service on install.
> > Then employ PKI to authenticate your app on each launch.
> > On your web service sign a string containing the hash, timestamp, and
> > a short expiration timestamp.
> > Then have your app use your public key (in the app) to authenticate
> > the string, verify the timestamps, and complete
> > the launch if valid, otherwise abort the launch or offer the user to
> > come clean and install.
> > To prevent code modification--bypassing the check--don't include all
> > of the code in the app.
> > Keep some of it on the server and only send it to the app if the check
> > takes place and passes the check.
> > This way the app will not function correctly unless the check is
> > performed and passes.
> > Create a set of one-off methods (dummies that just pass through) that
> > you can dynamically use with each app instance; since you
> > are in control of the download (unlike Market publishers), you can
> > dynamically build and package a unique app for each instance
> > downloaded.
> > This way no two apps use the same method and a hacker is up a creek as
> > far as patching the code
> > and replicating it to the community. When one instance is cracked, and
> > it will be, then your server can cancel that hacked instance
> > without affecting all of the other valid users. This will create a
> > strong disincentive, because no two apps are the same, codewise ;-)
>
> > Maybe we should start a service and offer Android publishers a secure
> > distribution service, unlike the Market.
> > There is no way to register (stamp an app with a phone id) downloads
> > from the Market prior to installation.
> > As it stands now publishers have no way to verify if their app was
> > downloaded from the Market or copied and installed by other means.
>
> > If there is I would like to know. I've asked but I never get replies
> > regarding this advanced topic. Most publishers are still learning to
> > just create apps, let alone seek out secure distribution and customer
> > behavior--only Google enjoys this privilege, currently.
>
> > Here's a method snippet for getting the unique ID and hashing it:
>
> > String getPhoneID(){
> >         MessageDigest digest;
> >         try {
> >             digest = MessageDigest.getInstance("SHA-1");
> >         } catch (NoSuchAlgorithmException e) {
> >             throw new RuntimeException("this should never happen");
> >         }
>
> >         String srvcName = Context.TELEPHONY_SERVICE;
> >         TelephonyManager telephonyManager =
> >           (TelephonyManager)getSystemService(srvcName);
>
> >         /* requires READ_PHONE_STATE permission */
> >         String deviceId = telephonyManager.getDeviceId();
> >         if (TextUtils.isEmpty(deviceId)) {
> >             return "";
> >         }
>
> >         byte[] hashedDeviceId = digest.digest(deviceId.getBytes());
> >         String id = new String(Base64.encodeBase64(hashedDeviceId), 0, 12);
> >         id = id.replaceAll("/", "_");
> >         return id;
>
> > }
>
> > On Nov 14, 7:12 am, jax <[email protected]> wrote:
>
> > > I am wondering how I might go about securing a paid app on Android.
>
> > > I am thinking of selling the application from my own website via
> > > PayPal, however, how will I stop people from sharing it with their
> > > friends etc.  Does Android have any type of native support for this?
>
>
>

-- 
You received this message because you are subscribed to the Google
Groups "Android Developers" group.
To post to this group, send email to [email protected]
To unsubscribe from this group, send email to
[email protected]
For more options, visit this group at
http://groups.google.com/group/android-developers?hl=en
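
The signed launch check described in android kracker's quoted message (the server signs the device hash with an issue and an expiry timestamp, the app verifies it with an embedded public key), as an added example that is not code from the thread. The `hash|issuedAt|expiresAt` layout, the class and method names and the RSA/SHA-256 choice are assumptions, and the key pair is generated inline only so the demo runs stand-alone on a plain JDK.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.util.Base64;

public class LaunchTokenDemo {
    // Server side: sign "deviceHash|issuedAt|expiresAt" (field layout is an assumption).
    static String issue(PrivateKey key, String deviceHash, long now, long ttlMs)
            throws GeneralSecurityException {
        String payload = deviceHash + "|" + now + "|" + (now + ttlMs);
        Signature s = Signature.getInstance("SHA256withRSA");
        s.initSign(key);
        s.update(payload.getBytes(StandardCharsets.UTF_8));
        return payload + "." + Base64.getUrlEncoder().withoutPadding().encodeToString(s.sign());
    }

    // App side: check the signature first, then the device binding and validity window.
    static boolean verify(PublicKey key, String token, String localDeviceHash, long now) {
        try {
            int dot = token.lastIndexOf('.');
            if (dot < 0) return false;
            String payload = token.substring(0, dot);
            byte[] sig = Base64.getUrlDecoder().decode(token.substring(dot + 1));
            Signature s = Signature.getInstance("SHA256withRSA");
            s.initVerify(key);
            s.update(payload.getBytes(StandardCharsets.UTF_8));
            if (!s.verify(sig)) return false;
            String[] f = payload.split("\\|");
            if (f.length != 3 || !f[0].equals(localDeviceHash)) return false;
            long issued = Long.parseLong(f[1]), expires = Long.parseLong(f[2]);
            return issued <= now && now < expires;
        } catch (GeneralSecurityException | IllegalArgumentException e) {
            return false; // malformed token, bad Base64 or bad number: fail closed
        }
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator g = KeyPairGenerator.getInstance("RSA");
        g.initialize(2048);
        KeyPair kp = g.generateKeyPair(); // constructed demo key; a real app embeds only the public key
        long now = System.currentTimeMillis();
        String id = "c2FtcGxlSGFzaDEy"; // constructed sample device hash
        String token = issue(kp.getPrivate(), id, now, 60_000);
        System.out.println("valid:          " + verify(kp.getPublic(), token, id, now));
        System.out.println("other device:   " + verify(kp.getPublic(), token, "AAAAAAAAAAAA", now));
        System.out.println("expired:        " + verify(kp.getPublic(), token, id, now + 120_000));
        System.out.println("tampered field: " + verify(kp.getPublic(), token.replaceFirst("\\|", "0|"), id, now));
    }
}
```

The expiry comparison trusts the device clock, which the user controls, so a server-supplied time or a short token lifetime with re-issue on launch is the stronger check.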
