This is a great idea. I was thinking of using the device Id but this way the user can always install his apps on any device that has his sim. If he removes the sim then the app stops working.
On Mar 4, 2009, at 12:44 PM, James Clements <[email protected]> wrote: IMHO ... the best way for a dev to protect his app is to have it register itself to the Buyers cell-phone number .... then copies would not work on other phones and the original buyer could backup the app in case anything happens .... On Wed, Mar 4, 2009 at 3:37 AM, [email protected] <[email protected]> wrote: These are good points. I was going to make a similar post but you've pretty much covered what I had in mind. I also thought there should have been a simple encryption scheme involved with "copy-protected" apps. All I can come up with is that implementing a minimal copy protection scheme was/is not a priority for Google and ADP users/ developers are unfortunate victims of poor decision-making based on an incomplete, but nonetheless advertised feature. On Mar 2, 3:35 pm, Joe <[email protected]> wrote: > And why can we not have both? Your argument really does not hold > water. Think about everyone with G1s who have root and are on RC33. > Takes all of 30 minutes to root and update (thanks telnet). They are > not blocked from copy-protected apps, and yet can easily copy out copy > protected apps from the 'protected' folder, so it really does not make > any sense to ban ADP users from it. I mean really, all that implies is > that all Devs are pirates and thieves. Same concept for stores that > make you leave your bag outside when you walk in; they are calling you > a thief before you even enter. ADP1.1Holiday is locked out, which is > technically for Google employees only, so I guess they are all thieves > ^_~ > > My real only gripe is that; the 'copy protect' is so base it is almost > embarrassing. It really should be a vote to either remove the 'copy > protection' feature, or actually make something that is a bit harder > to crack (ie not just a folder that requires root). In reality, any > copy protection scheme will most likely be broken, but, if it is > harder to do, then likely people will not go through the effort for a > 99 cent app. For example how about these schemes (took literally 2 > minutes for me to think these up): > > When a user purchases a copy protected app, have the market encrypt > the APK file before it is sent for download. Then, when the installer > is run, have it call back to the google servers to obtain the > decryption key, which is tied to the user account. IE, for copy > protected apps, your user account will actually hold all of the keys > to allow installation on any device that is signed into your account. > The transfer of keys could even occur over SSL, making it very secure. > Throw in 128bit + encryption on the APK (openPGP anyone?). > > A even simpler method would be to have each dev sign their APKs with a > license key (think google maps style), which, when purchased would > store the key on the user's account. When run (or installed) the APK > can call to the server and see if the current user actually has that > key in their user account, else, it will not allow installation. Same > concept, but does not even need encryption. > > The point is there is a ton of ways to easily do copy protection that > works pretty well, and making a simple root protected folder is not > one of them, and, is quite frankly pretty half assed. The current > system that is implemented is really misleading for Devs who think it > offers any protection at all for their applications, and thus, if it > is not changed, it should be removed. Remember the golden rule, we > want security, not obfuscation! On that > note, this should have nothing to do with firmware, or the ability to > flash it, nor should the firmware have really anything to do with the > copy protection on the market or installer. Remember, those are closed > source anyways, so if you can flash new firmware to circumvent it > (which you currently can), it is a piss poor model that should be > scrapped. > > Sorry if this is a bit rantish, but I have yet to understand why > anyone would stand behind the current 'copy protection', defend it, or > even rationalize it. And remember, down the line, I bet most handsets > will be rooted, just like the G1 was; if there is a challenge, someone > somewhere will rise to it. > > So in short, to make the argument of firmware vs. market 'copy > protection' is bogus, and it should not even play a factor. The two > should be separate and autonomous. Devs have paid alot of money for > their ADP1 phones, and *gasp* might even use it for day to day use, > and might even want to buy something like bettercut (copy protected), > or a game or two to make it that much better. > > On Mar 2, 6:02 pm, Mark Murphy <[email protected]> wrote: > > > vendor.net wrote: > > > Please vote for +1 if you agree that google should do something to > > > allow developers with ADP1 to access the paid and protected apps and > > > finally to release the new firmware we all are waiting for ADP 1.1 . > > > I don't think there is a vote necessary on the ADP 1.1 firmware -- that > > will be released when it's ready, and the core Android team has been > > fairly explicit and consistent in saying that it is not ready. The fact > > that it is taking so long is regrettable, but I see no reason to doubt > > that, when it's ready, it'll be released. > > > AFAIK, ADP 1.1 covers the paid apps access, meaning the only gap is in > > copy-protected apps, which the G1 supports and the ADP1 does not. > > > With respect to "allow developers with ADP1 to access the...protected apps": > > > -1 > > > This vote is based on a guess: they won't be able to develop an ADP1 > > firmware that supports copy-protected apps *and* can be used for > > firmware development. We'll either get one or the other, and a +1 vote > > means we get copy-protected app access and no ability to replace the > > firmware. > > > Right now, and for the foreseeable future, there will be more devices > > capable of accessing copy-protected apps than will be usable for > > firmware development. In fact, it's not completely out of the question > > that the ADP1 will be the only device *ever* truly usable for firmware > > development....if the other Android-based phones are all locked for > > carriers' use like the G1 is. > > > Right now, developers who have an ADP1 and need a G1 for the > > copy-protection issue can at least buy a G1 (e.g., one of the few > > hundred available on eBay for less than the ADP1 costs) and resell their > > ADP1. If the ADP1 gets locked down to allow copy-protected apps access, > > firmware developers are screwed, possibly forever. > > > If there's some evidence to suggest that the ADP1 will truly be able to > > support both roles (more than JBQ's assertion that dual-role was the > > original plan, since that may not reflect current reality), that could > > easily sway my opinion. Or, if firmware developers chime in and claim > > they don't need an ADP1 for firmware development, that too might sway my > > opinion. > > > -- > > Mark Murphy (a Commons Guy)http://commonsware.com > > > Android Training on the Ranch! -- Mar 16-20, > > 2009http://www.bignerdranch.com/schedule.shtml --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Android Discuss" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/android-discuss?hl=en -~----------~----~----~----~------~----~------~--~---
