Re: [android-developers] Demo/Full Game options on Google Play

2012-04-12 Thread Latimerius
On Thu, Apr 12, 2012 at 2:34 AM, b0b pujos.mich...@gmail.com wrote: Would it also be possible to initiate the LVL check from the free app? Not possible. You cannot add the request LVL permission to a free app. Hmm, that's kind of silly. Obviously, it makes no sense to LVL-check a package

Re: [android-developers] Demo/Full Game options on Google Play

2012-04-12 Thread Iain King
On Thursday, 12 April 2012 15:27:29 UTC+1, latimerius wrote: On Thu, Apr 12, 2012 at 2:34 AM, b0b wrote: Would it also be possible to initiate the LVL check from the free app? Not possible. You cannot add the request LVL permission to a free app. Hmm, that's kind of silly.

Re: [android-developers] Demo/Full Game options on Google Play

2012-04-12 Thread Kostya Vasilyev
I'll try to throw in a few more two cent coins :) 1) Hackers and piracy, pt1. Some people on this list have stated that they've chosen to not implement LVL for a paid app, and to spend that time improving the app. There is certainly nothing wrong with that decision. 2) Hackers and piracy, pt2.

Re: [android-developers] Demo/Full Game options on Google Play

2012-04-12 Thread Latimerius
I too consider not protecting the app at all a valid option. However, ideally I would like to have something to deter the more simple-minded cracking attacks. Anti-copying protection seems to follow the 80/20 rule quite often - confusing and annoying the army of script kiddies or attackers who

Re: [android-developers] Demo/Full Game options on Google Play

2012-04-12 Thread Iain King
On Thursday, 12 April 2012 16:26:37 UTC+1, latimerius wrote: I too consider not protecting the app at all a valid option. However, ideally I would like to have something to deter the more simple-minded cracking attacks. Anti-copying protection seems to follow the 80/20 rule quite often -

Re: [android-developers] Demo/Full Game options on Google Play

2012-04-12 Thread Iain King
On Thursday, 12 April 2012 16:26:37 UTC+1, latimerius wrote: I too consider not protecting the app at all a valid option. However, ideally I would like to have something to deter the more simple-minded cracking attacks. Anti-copying protection seems to follow the 80/20 rule quite often -

Re: [android-developers] Demo/Full Game options on Google Play

2012-04-12 Thread Justin Anderson
One thing that I do that does help a little with the protection is check that the paid app that runs my LVL check is signed with the same signature as my free app... Still not foolproof, but it is a nice little measure that helps prevent the more simple-minded hackers from cracking the app:

Re: [android-developers] Demo/Full Game options on Google Play

2012-04-12 Thread Latimerius
On Thu, Apr 12, 2012 at 5:55 PM, Justin Anderson magouyaw...@gmail.com wrote: One thing that I do that does help a little with the protection is check that the paid app that runs my LVL check is signed with the same signature as my free app... Still not foolproof, but it is a nice little

Re: [android-developers] Demo/Full Game options on Google Play

2012-04-12 Thread Kostya Vasilyev
This is one of those things that can be easily circumvented by a script. getPackageManager and checkSignature are easy to identify, and making the latter return SIGNATURE_MATCH should be really easy. Don't know if there is one now, but last year there was a script floating around that did

Re: [android-developers] Demo/Full Game options on Google Play

2012-04-12 Thread Justin Anderson
Well, like I said, it isn't foolproof... Thanks, Justin Anderson MagouyaWare Developer http://sites.google.com/site/magouyaware 2012/4/12 Kostya Vasilyev kmans...@gmail.com This is one of those things that can be easily circumvented by a script. getPackageManager and checkSignature are easy

Re: [android-developers] Demo/Full Game options on Google Play

2012-04-12 Thread Latimerius
2012/4/12 Kostya Vasilyev kmans...@gmail.com: This is one of those things that can be easily circumvented by a script. getPackageManager and checkSignature are easy to identify, and making the latter return SIGNATURE_MATCH should be really easy. Do you know by any chance how much protection

Re: [android-developers] Demo/Full Game options on Google Play

2012-04-12 Thread Kostya Vasilyev
Class.forName is just as easy to identify as getPackageManager.getPackageInfo... IIRC, the script I was referring to earlier could handle reflection... -- K On 12 April 2012 at 20:54, Latimerius l4t1m3r...@googlemail.com wrote: 2012/4/12 Kostya Vasilyev kmans...@gmail.com: This

Re: [android-developers] Demo/Full Game options on Google Play

2012-04-12 Thread b0b
On Thursday, 12 April 2012 18:11:21 UTC+2, latimerius wrote: Nice idea. Actually, if the free app can get access to the paid app executable (which I hope it can) it might be possible to restore some of the protection by having the free app run anti-tampering checks on the paid one. That

Re: [android-developers] Demo/Full Game options on Google Play

2012-04-12 Thread Latimerius
2012/4/12 Kostya Vasilyev kmans...@gmail.com: Class.forName is just as easy to identify as getPackageManager.getPackageInfo... IIRC, the script I was referring to earlier could handle reflection... So I assume reflection could only be of significant help if you a) use it a lot, not just to

Re: [android-developers] Demo/Full Game options on Google Play

2012-04-12 Thread Latimerius
On Thu, Apr 12, 2012 at 7:57 PM, b0b pujos.mich...@gmail.com wrote: At this point (LVL + anti-tamper code + sensitive strings obfuscation) is a lot of work and testing, and it is debatable whether it is worth it or not because a dedicated cracker will eventually crack it if motivated. At

Re: [android-developers] Demo/Full Game options on Google Play

2012-04-12 Thread Kostya Vasilyev
This is the top result when Googling for android application cracking: http://androidcracking.blogspot.com/ for educational purposes only, of course. It should give you an idea of what kinds of attacks your application might be subjected to. There might even be a script or two to test your

Re: [android-developers] Demo/Full Game options on Google Play

2012-04-12 Thread Kristopher Micinski
This blog looks more script kiddie-ish than you'd want... the posts are mostly about using smali to do things with apps and inspect your bytecode... In general the people you should be afraid of probably won't have blogs :-P kris 2012/4/12 Kostya Vasilyev kmans...@gmail.com: This is the top

Re: [android-developers] Demo/Full Game options on Google Play

2012-04-11 Thread Mark Murphy
On Wed, Apr 11, 2012 at 7:39 AM, Iain King iaink...@gmail.com wrote: Everyone who releases a free version seems to do it by releasing two different apps - I'd rather avoid that if I can. Then use in-app purchasing. Only distribute the free app, and have the app upgrade itself to paid (e.g.,

Re: [android-developers] Demo/Full Game options on Google Play

2012-04-11 Thread Iain King
On Wednesday, 11 April 2012 12:47:30 UTC+1, Mark Murphy (a Commons Guy) wrote: On Wed, Apr 11, 2012 at 7:39 AM, Iain King wrote: Everyone who releases a free version seems to do it by releasing two different apps - I'd rather avoid that if I can. Then use in-app purchasing. Only

Re: [android-developers] Demo/Full Game options on Google Play

2012-04-11 Thread Mark Murphy
On Wed, Apr 11, 2012 at 7:56 AM, Iain King iaink...@gmail.com wrote: That would work, but I don't like the user experience: their first interaction at the store is to see Install (Free), and then their first interaction in the game is to see Buy me now!!!. Then don't do that. You are the one

Re: [android-developers] Demo/Full Game options on Google Play

2012-04-11 Thread Iain King
On Wednesday, 11 April 2012 13:04:51 UTC+1, Mark Murphy (a Commons Guy) wrote: On Wed, Apr 11, 2012 at 7:56 AM, Iain King wrote: That would work, but I don't like the user experience: their first interaction at the store is to see Install (Free), and then their first interaction in the

Re: [android-developers] Demo/Full Game options on Google Play

2012-04-11 Thread Latimerius
On Wed, Apr 11, 2012 at 1:47 PM, Mark Murphy mmur...@commonsware.com wrote: On Wed, Apr 11, 2012 at 7:39 AM, Iain King iaink...@gmail.com wrote: Everyone who releases a free version seems to do it by releasing two different apps - I'd rather avoid that if I can. Then use in-app purchasing.

Re: [android-developers] Demo/Full Game options on Google Play

2012-04-11 Thread Kostya Vasilyev
And to add two more cents: in-app items don't show in the user's purchases list in Market... scratch that, Google Play application on the device. Sometimes this raises questions about whether they'd have to be repurchased - even though they don't, obviously not every user understands this. -- K

Re: [android-developers] Demo/Full Game options on Google Play

2012-04-11 Thread Justin Anderson
I have an app that uses two apk's... One is the free one, and the paid one acts as a plugin to unlock features in the free one. I developed this before in-app purchasing was available, but I don't know if I would have used in-app purchasing had it been available for use due to all the drama with

Re: [android-developers] Demo/Full Game options on Google Play

2012-04-11 Thread Iain King
On Wednesday, 11 April 2012 16:06:58 UTC+1, MagouyaWare wrote: I have an app that uses two apk's... One is the free one, and the paid one acts as a plugin to unlock features in the free one. I developed this before in-app purchasing was available, but I don't know if I would have used

Re: [android-developers] Demo/Full Game options on Google Play

2012-04-11 Thread Latimerius
2012/4/11 Justin Anderson magouyaw...@gmail.com: My paid app actually does nothing other than the LVL check through the service. Would it also be possible to initiate the LVL check from the free app? Client-side security has to rely on obfuscation to some extent, otherwise the attacker can

Re: [android-developers] Demo/Full Game options on Google Play

2012-04-11 Thread Iain King
On Wednesday, 11 April 2012 16:22:11 UTC+1, latimerius wrote: 2012/4/11 Justin Anderson My paid app actually does nothing other than the LVL check through the service. Would it also be possible to initiate the LVL check from the free app? Client-side security has to rely on

Re: [android-developers] Demo/Full Game options on Google Play

2012-04-11 Thread Justin Anderson
Doesn't that end up with your user ending up with both apps installed anyway? So at some later time when they are trying to clear up space, they still see YourGame Demo is installed, and nuke it? In my case no, because I don't market it as a trial version... I market it as AppSwipe! Task

Re: [android-developers] Demo/Full Game options on Google Play

2012-04-11 Thread Iain King
On Wednesday, 11 April 2012 16:37:24 UTC+1, MagouyaWare wrote: Doesn't that end up with your user ending up with both apps installed anyway? So at some later time when they are trying to clear up space, they still see YourGame Demo is installed, and nuke it? In my case no, because I

Re: [android-developers] Demo/Full Game options on Google Play

2012-04-11 Thread Latimerius
On Wed, Apr 11, 2012 at 5:27 PM, Iain King iaink...@gmail.com wrote: On Wednesday, 11 April 2012 16:22:11 UTC+1, latimerius wrote: 2012/4/11 Justin Anderson My paid app actually does nothing other than the LVL check through the service. Would it also be possible to initiate the LVL

Re: [android-developers] Demo/Full Game options on Google Play

2012-04-11 Thread Latimerius
On Wed, Apr 11, 2012 at 5:37 PM, Justin Anderson magouyaw...@gmail.com wrote: Would it also be possible to initiate the LVL check from the free app? I tried that but ran into some snags... It is probably possible, but you would have to modify the LVL a bit to allow you to specify the package

Re: [android-developers] Demo/Full Game options on Google Play

2012-04-11 Thread Justin Anderson
Not possible. You cannot add the request LVL permission to a free app. Stupid me... I should have remembered that (but it WAS a long time ago). The annoying thing is that you can get ALL the way up to publishing on the Market... And when you try to upload it tells you that you can't have the