[android-developers] Re: I've found a way to stop piracy of my apps
Dave, Would you be interested in working with us at AndAppStore to offer an alternative purchase location? From your code I can see that we could create a LicenseManagerImpl which interfaces into our purchase checking system to cover the license management aspect, and we accept payments via PayPal so it looks like a good fit. I don't really want to spend time doing it if you're not interested in incorporating the code into the project because we don't want to create fork your code base just to support us. What do you think? Al. On Jun 17, 9:31 pm, keyeslabs keyes...@gmail.com wrote: Biggest issues that I've seen for my own apps (and those other brave souls who use AAL) have been related to legitimate users that somehow can't validate their purchase. For example: 1. user buys app on marke using a 2.0-based phone. validation happens just fine. 2. user backs up app, flashes rom to as-of-yet unreleased 2.2, and restores app 3. Upon startup of the app on the newly-flashed phone, AAL properly detects the missing license. 4. AAL fails validation, since 2.2-based devices can't see paid apps on the market since Google hasn't registered that release in the market database. Other fringe scenarios similar to this. When I deployed AAL into my apps, I had a few loud complainers that has tapered off now and I don't really have any serious problems. I now get a lot of emails from people in countries that can't buy from Android market. Overall, AAL seems to be working quite well. Lately I've been wondering if there's a way that I can offer the user an alternative mechanism for purchasing the pirated app. For example, I upload to Android Market, pirates post on download boards, others download, and then when validation fails offer to let them buy from PayPal and license things that way. I don't think that would break any of the Android Market rules (since the pirated version isn't being distributed by the market -- it's being distributed by a pirate board), and it sure would open up distribution to markets that Google doesn't currently serve. Dave On Jun 17, 3:39 pm, String sterling.ud...@googlemail.com wrote: On Jun 17, 8:05 pm, keyeslabs keyes...@gmail.com wrote: AALhas now been open-sourced. Find details here: http://bit.ly/coz0yB. Cool. Thanks for sharing it. Are you still having good luck usingAALwith your own app(s)? Any downsides you've found? String -- You received this message because you are subscribed to the Google Groups Android Developers group. To post to this group, send email to android-developers@googlegroups.com To unsubscribe from this group, send email to android-developers+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/android-developers?hl=en
[android-developers] Re: I've found a way to stop piracy of my apps
I would be interested in discussing this, Al. Assuming that our use cases align and that your APIs provide necessary functionality, it should work quite nicely. As for the code base, I split LicenseManager and LicenseManagerImpl primarily to facilitate obfuscation (I don't obfuscate LicenseManager and a few other classes in the public API, but the remainder of the classes get scrambled up during the build process). There will be some level of refactoring that will need to be done in LicenseManagerImpl to support pluggable purchase verification providers, but this shouldn't be too difficult. Let's take this into the AAL message group to discuss further. Dave On Jun 18, 3:45 am, Al Sutton a...@funkyandroid.com wrote: Dave, Would you be interested in working with us at AndAppStore to offer an alternative purchase location? From your code I can see that we could create a LicenseManagerImpl which interfaces into our purchase checking system to cover the license management aspect, and we accept payments via PayPal so it looks like a good fit. I don't really want to spend time doing it if you're not interested in incorporating the code into the project because we don't want to create fork your code base just to support us. What do you think? Al. On Jun 17, 9:31 pm, keyeslabs keyes...@gmail.com wrote: Biggest issues that I've seen for my own apps (and those other brave souls who use AAL) have been related to legitimate users that somehow can't validate their purchase. For example: 1. user buys app on marke using a 2.0-based phone. validation happens just fine. 2. user backs up app, flashes rom to as-of-yet unreleased 2.2, and restores app 3. Upon startup of the app on the newly-flashed phone, AAL properly detects the missing license. 4. AAL fails validation, since 2.2-based devices can't see paid apps on the market since Google hasn't registered that release in the market database. Other fringe scenarios similar to this. When I deployed AAL into my apps, I had a few loud complainers that has tapered off now and I don't really have any serious problems. I now get a lot of emails from people in countries that can't buy from Android market. Overall, AAL seems to be working quite well. Lately I've been wondering if there's a way that I can offer the user an alternative mechanism for purchasing the pirated app. For example, I upload to Android Market, pirates post on download boards, others download, and then when validation fails offer to let them buy from PayPal and license things that way. I don't think that would break any of the Android Market rules (since the pirated version isn't being distributed by the market -- it's being distributed by a pirate board), and it sure would open up distribution to markets that Google doesn't currently serve. Dave On Jun 17, 3:39 pm, String sterling.ud...@googlemail.com wrote: On Jun 17, 8:05 pm, keyeslabs keyes...@gmail.com wrote: AALhas now been open-sourced. Find details here: http://bit.ly/coz0yB. Cool. Thanks for sharing it. Are you still having good luck usingAALwith your own app(s)? Any downsides you've found? String -- You received this message because you are subscribed to the Google Groups Android Developers group. To post to this group, send email to android-developers@googlegroups.com To unsubscribe from this group, send email to android-developers+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/android-developers?hl=en
[android-developers] Re: I've found a way to stop piracy of my apps
AAL has now been open-sourced. Find details here: http://bit.ly/coz0yB. On May 10, 4:24 pm, niko20 nikolatesl...@yahoo.com wrote: Well I will say one thing, if it was opened up, that would allow each dev to make small code changes, so it would never be cookie cutter then...however, I am not against that you are trying to make some income from it, I mean you still did have to do the work. -niko On May 10, 10:06 am, dadical keyes...@gmail.com wrote: That argument assumes that I don't respond to those cracks with improvements toAALthat will make it more difficult! :) Also, each app will need to be cracked individually, and I'm trying to work out some ways to make that a job that isn't cookie-cutter. The point here is to get this past the pain threshold where it won't be worth the trouble for an app that is only a few bucks. This is fascinating stuff, but very, very non-lucrative. I don't really want to engage in this game, but I don't see an alternative until it gets solved at the platform level. Given the lack of commercial interest (and the prodding of several smart devs), I've considered opening this up, but I'm not sure how to do that without it simply lowering the barrier for pirates. On May 10, 3:55 am, MobDev developm...@mobilaria.com wrote: It took several days (almost a week) for crackers to decompile Screebl Pro and find a way to circumventAAL. Typically it takes about 90 secs from the time that we publish to the market for the various warez sites to start tweeting the location of the download. I was wondering, after the first crack-run they obviously will have devised a crack-method, which means that every other app usingAAL will be cracked within 90 seconds till a new version is released... A week of cracking will only be the case during the first attempt... -- You received this message because you are subscribed to the Google Groups Android Developers group. To post to this group, send email to android-developers@googlegroups.com To unsubscribe from this group, send email to android-developers+unsubscr...@googlegroups.com For more options, visit this group athttp://groups.google.com/group/android-developers?hl=en -- You received this message because you are subscribed to the Google Groups Android Developers group. To post to this group, send email to android-developers@googlegroups.com To unsubscribe from this group, send email to android-developers+unsubscr...@googlegroups.com For more options, visit this group athttp://groups.google.com/group/android-developers?hl=en -- You received this message because you are subscribed to the Google Groups Android Developers group. To post to this group, send email to android-developers@googlegroups.com To unsubscribe from this group, send email to android-developers+unsubscr...@googlegroups.com For more options, visit this group athttp://groups.google.com/group/android-developers?hl=en -- You received this message because you are subscribed to the Google Groups Android Developers group. To post to this group, send email to android-developers@googlegroups.com To unsubscribe from this group, send email to android-developers+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/android-developers?hl=en
[android-developers] Re: I've found a way to stop piracy of my apps
On Jun 17, 8:05 pm, keyeslabs keyes...@gmail.com wrote: AAL has now been open-sourced. Find details here: http://bit.ly/coz0yB. Cool. Thanks for sharing it. Are you still having good luck using AAL with your own app(s)? Any downsides you've found? String -- You received this message because you are subscribed to the Google Groups Android Developers group. To post to this group, send email to android-developers@googlegroups.com To unsubscribe from this group, send email to android-developers+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/android-developers?hl=en
[android-developers] Re: I've found a way to stop piracy of my apps
Biggest issues that I've seen for my own apps (and those other brave souls who use AAL) have been related to legitimate users that somehow can't validate their purchase. For example: 1. user buys app on marke using a 2.0-based phone. validation happens just fine. 2. user backs up app, flashes rom to as-of-yet unreleased 2.2, and restores app 3. Upon startup of the app on the newly-flashed phone, AAL properly detects the missing license. 4. AAL fails validation, since 2.2-based devices can't see paid apps on the market since Google hasn't registered that release in the market database. Other fringe scenarios similar to this. When I deployed AAL into my apps, I had a few loud complainers that has tapered off now and I don't really have any serious problems. I now get a lot of emails from people in countries that can't buy from Android market. Overall, AAL seems to be working quite well. Lately I've been wondering if there's a way that I can offer the user an alternative mechanism for purchasing the pirated app. For example, I upload to Android Market, pirates post on download boards, others download, and then when validation fails offer to let them buy from PayPal and license things that way. I don't think that would break any of the Android Market rules (since the pirated version isn't being distributed by the market -- it's being distributed by a pirate board), and it sure would open up distribution to markets that Google doesn't currently serve. Dave On Jun 17, 3:39 pm, String sterling.ud...@googlemail.com wrote: On Jun 17, 8:05 pm, keyeslabs keyes...@gmail.com wrote: AALhas now been open-sourced. Find details here: http://bit.ly/coz0yB. Cool. Thanks for sharing it. Are you still having good luck usingAALwith your own app(s)? Any downsides you've found? String -- You received this message because you are subscribed to the Google Groups Android Developers group. To post to this group, send email to android-developers@googlegroups.com To unsubscribe from this group, send email to android-developers+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/android-developers?hl=en
[android-developers] Re: I've found a way to stop piracy of my apps
for me, I am developing an app that I think will be heavily pirated. my idea to stop that is to require the user to update with each update I make (maybe once every 2 weeks or so), which would require them to buy it. the app needs to connect to my server anyway, so if it connects with an older version number, it tells the user to update. simple! -- You received this message because you are subscribed to the Google Groups Android Developers group. To post to this group, send email to android-developers@googlegroups.com To unsubscribe from this group, send email to android-developers+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/android-developers?hl=en
Re: [android-developers] Re: I've found a way to stop piracy of my apps
I think that this is also way. But some users hate updates (I got feedback that my app has too often updates ;-) ). I still think that Google should provide API for programmatical verification whether user bought given copy or not. Tom On Fri, May 21, 2010 at 8:14 AM, Ivan Greene ivant...@gmail.com wrote: for me, I am developing an app that I think will be heavily pirated. my idea to stop that is to require the user to update with each update I make (maybe once every 2 weeks or so), which would require them to buy it. the app needs to connect to my server anyway, so if it connects with an older version number, it tells the user to update. simple! -- You received this message because you are subscribed to the Google Groups Android Developers group. To post to this group, send email to android-developers@googlegroups.com To unsubscribe from this group, send email to android-developers+unsubscr...@googlegroups.comandroid-developers%2bunsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/android-developers?hl=en -- --- Tom Hubalek (tom.huba...@gmail.com), http://blog.hubalek.net/ http://facebook.com/thubalek, http://twitter.com/thubalek http://www.linkedin.com/in/thubalek -- You received this message because you are subscribed to the Google Groups Android Developers group. To post to this group, send email to android-developers@googlegroups.com To unsubscribe from this group, send email to android-developers+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/android-developers?hl=en
Re: [android-developers] Re: I've found a way to stop piracy of my apps
On Fri, May 21, 2010 at 1:14 AM, Ivan Greene ivant...@gmail.com wrote: I make (maybe once every 2 weeks or so), which would require them to buy it. This wouldn't require them to buy it if they pirated it to begin with - it would just require them to pirate it again. Might be enough of nuisance to encourage some people to buy, but won't solve your problem completely. - TreKing - Chicago transit tracking app for Android-powered devices http://sites.google.com/site/rezmobileapps/treking -- You received this message because you are subscribed to the Google Groups Android Developers group. To post to this group, send email to android-developers@googlegroups.com To unsubscribe from this group, send email to android-developers+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/android-developers?hl=en
[android-developers] Re: I've found a way to stop piracy of my apps
Pardon the direct contact. I was at Google IO these past two days and during one of the sessions, a Fireside chat (http://code.google.com/events/io/2010/sessions/ fireside-chat-android-team.html), I asked the Android team if the market API was going to be opened up, on the web side and the device too. I mentioned your licensing scheme, although I didn't say any names. The answer, although unsatisfying is still interesting. I hope you don't mind mentioning the topic, I'm sure some of them have followed this thread anyway. -John p.s. IO was great, got a free HTC EVO. On May 18, 4:07 pm, dadical keyes...@gmail.com wrote: Excellent points. This is why in my requirements for AAL, I started with the assumption that PAYING customers should: - never have to type in a password - never have to type in a license key - only have to generate a valid license once (well, actually twice -- initially and then again after the 24 hr refund period), and this generation should be transparent and automatic As for pirates, the experience is configurable, but in my apps, I never lock them out, just nag them each time that they run my app. Since deploying AAL in my app, about 50% of the installs have properly validated their purchase and generated a license. The other 50% did not properly validate (meaning that they potentially stole it) and after some number of failures are politely being invited to purchase for 15 seconds each time that they start. Sales are up. Dave On May 10, 12:04 pm, Raymond Ingles sorceror...@gmail.com wrote: On Mon, May 10, 2010 at 11:06 AM, dadical keyes...@gmail.com wrote: The point here is to get this past the pain threshold where it won't be worth the trouble for an app that is only a few bucks. It's not clear that piracy translates into lost sales: http://blog.wolfire.com/2010/05/Another-view-of-game-piracy iPhone game developers have also found that around 80% of their users are running pirated copies of their game (using jailbroken phones)... [but] The highest estimate I've seen is that 10% of worldwide iPhones are jailbroken... The answer is simple -- the average pirate downloads a lot more games than the average customer buys. This means that even though games see that 80% of their copies are pirated, only 10% of their potential customers are pirates, which means they are losing at most 10% of their sales. Apparently the people who pirate, pirate a *lot*. And, conversely, the people who *don't* pirate simply don't put as many apps on their devices. Be very careful that, in your understandable zeal to fight pirates, you don't penalize the legitimate users. Make the app too irritating and people won't buy it at all. In other words, if you're not careful, the *paying* customers can conclude it's not worth the trouble for an app that is only a few bucks. -- You received this message because you are subscribed to the Google Groups Android Developers group. To post to this group, send email to android-developers@googlegroups.com To unsubscribe from this group, send email to android-developers+unsubscr...@googlegroups.com For more options, visit this group athttp://groups.google.com/group/android-developers?hl=en -- You received this message because you are subscribed to the Google Groups Android Developers group. To post to this group, send email to android-developers@googlegroups.com To unsubscribe from this group, send email to android-developers+unsubscr...@googlegroups.com For more options, visit this group athttp://groups.google.com/group/android-developers?hl=en -- You received this message because you are subscribed to the Google Groups Android Developers group. To post to this group, send email to android-developers@googlegroups.com To unsubscribe from this group, send email to android-developers+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/android-developers?hl=en
[android-developers] Re: I've found a way to stop piracy of my apps
Excellent points. This is why in my requirements for AAL, I started with the assumption that PAYING customers should: - never have to type in a password - never have to type in a license key - only have to generate a valid license once (well, actually twice -- initially and then again after the 24 hr refund period), and this generation should be transparent and automatic As for pirates, the experience is configurable, but in my apps, I never lock them out, just nag them each time that they run my app. Since deploying AAL in my app, about 50% of the installs have properly validated their purchase and generated a license. The other 50% did not properly validate (meaning that they potentially stole it) and after some number of failures are politely being invited to purchase for 15 seconds each time that they start. Sales are up. Dave On May 10, 12:04 pm, Raymond Ingles sorceror...@gmail.com wrote: On Mon, May 10, 2010 at 11:06 AM, dadical keyes...@gmail.com wrote: The point here is to get this past the pain threshold where it won't be worth the trouble for an app that is only a few bucks. It's not clear that piracy translates into lost sales: http://blog.wolfire.com/2010/05/Another-view-of-game-piracy iPhone game developers have also found that around 80% of their users are running pirated copies of their game (using jailbroken phones)... [but] The highest estimate I've seen is that 10% of worldwide iPhones are jailbroken... The answer is simple -- the average pirate downloads a lot more games than the average customer buys. This means that even though games see that 80% of their copies are pirated, only 10% of their potential customers are pirates, which means they are losing at most 10% of their sales. Apparently the people who pirate, pirate a *lot*. And, conversely, the people who *don't* pirate simply don't put as many apps on their devices. Be very careful that, in your understandable zeal to fight pirates, you don't penalize the legitimate users. Make the app too irritating and people won't buy it at all. In other words, if you're not careful, the *paying* customers can conclude it's not worth the trouble for an app that is only a few bucks. -- You received this message because you are subscribed to the Google Groups Android Developers group. To post to this group, send email to android-developers@googlegroups.com To unsubscribe from this group, send email to android-developers+unsubscr...@googlegroups.com For more options, visit this group athttp://groups.google.com/group/android-developers?hl=en -- You received this message because you are subscribed to the Google Groups Android Developers group. To post to this group, send email to android-developers@googlegroups.com To unsubscribe from this group, send email to android-developers+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/android-developers?hl=en
Re: [android-developers] Re: I've found a way to stop piracy of my apps
On Mon, May 10, 2010 at 11:06 AM, dadical keyes...@gmail.com wrote: The point here is to get this past the pain threshold where it won't be worth the trouble for an app that is only a few bucks. It's not clear that piracy translates into lost sales: http://blog.wolfire.com/2010/05/Another-view-of-game-piracy iPhone game developers have also found that around 80% of their users are running pirated copies of their game (using jailbroken phones)... [but] The highest estimate I've seen is that 10% of worldwide iPhones are jailbroken... The answer is simple -- the average pirate downloads a lot more games than the average customer buys. This means that even though games see that 80% of their copies are pirated, only 10% of their potential customers are pirates, which means they are losing at most 10% of their sales. Apparently the people who pirate, pirate a *lot*. And, conversely, the people who *don't* pirate simply don't put as many apps on their devices. Be very careful that, in your understandable zeal to fight pirates, you don't penalize the legitimate users. Make the app too irritating and people won't buy it at all. In other words, if you're not careful, the *paying* customers can conclude it's not worth the trouble for an app that is only a few bucks. -- You received this message because you are subscribed to the Google Groups Android Developers group. To post to this group, send email to android-developers@googlegroups.com To unsubscribe from this group, send email to android-developers+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/android-developers?hl=en
[android-developers] Re: I've found a way to stop piracy of my apps
It took several days (almost a week) for crackers to decompile Screebl Pro and find a way to circumvent AAL. Typically it takes about 90 secs from the time that we publish to the market for the various warez sites to start tweeting the location of the download. I was wondering, after the first crack-run they obviously will have devised a crack-method, which means that every other app using AAL will be cracked within 90 seconds till a new version is released... A week of cracking will only be the case during the first attempt... -- You received this message because you are subscribed to the Google Groups Android Developers group. To post to this group, send email to android-developers@googlegroups.com To unsubscribe from this group, send email to android-developers+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/android-developers?hl=en
[android-developers] Re: I've found a way to stop piracy of my apps
That argument assumes that I don't respond to those cracks with improvements to AAL that will make it more difficult! :) Also, each app will need to be cracked individually, and I'm trying to work out some ways to make that a job that isn't cookie-cutter. The point here is to get this past the pain threshold where it won't be worth the trouble for an app that is only a few bucks. This is fascinating stuff, but very, very non-lucrative. I don't really want to engage in this game, but I don't see an alternative until it gets solved at the platform level. Given the lack of commercial interest (and the prodding of several smart devs), I've considered opening this up, but I'm not sure how to do that without it simply lowering the barrier for pirates. On May 10, 3:55 am, MobDev developm...@mobilaria.com wrote: It took several days (almost a week) for crackers to decompile Screebl Pro and find a way to circumvent AAL. Typically it takes about 90 secs from the time that we publish to the market for the various warez sites to start tweeting the location of the download. I was wondering, after the first crack-run they obviously will have devised a crack-method, which means that every other app using AAL will be cracked within 90 seconds till a new version is released... A week of cracking will only be the case during the first attempt... -- You received this message because you are subscribed to the Google Groups Android Developers group. To post to this group, send email to android-developers@googlegroups.com To unsubscribe from this group, send email to android-developers+unsubscr...@googlegroups.com For more options, visit this group athttp://groups.google.com/group/android-developers?hl=en -- You received this message because you are subscribed to the Google Groups Android Developers group. To post to this group, send email to android-developers@googlegroups.com To unsubscribe from this group, send email to android-developers+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/android-developers?hl=en
[android-developers] Re: I've found a way to stop piracy of my apps
Well I will say one thing, if it was opened up, that would allow each dev to make small code changes, so it would never be cookie cutter then...however, I am not against that you are trying to make some income from it, I mean you still did have to do the work. -niko On May 10, 10:06 am, dadical keyes...@gmail.com wrote: That argument assumes that I don't respond to those cracks with improvements to AAL that will make it more difficult! :) Also, each app will need to be cracked individually, and I'm trying to work out some ways to make that a job that isn't cookie-cutter. The point here is to get this past the pain threshold where it won't be worth the trouble for an app that is only a few bucks. This is fascinating stuff, but very, very non-lucrative. I don't really want to engage in this game, but I don't see an alternative until it gets solved at the platform level. Given the lack of commercial interest (and the prodding of several smart devs), I've considered opening this up, but I'm not sure how to do that without it simply lowering the barrier for pirates. On May 10, 3:55 am, MobDev developm...@mobilaria.com wrote: It took several days (almost a week) for crackers to decompile Screebl Pro and find a way to circumvent AAL. Typically it takes about 90 secs from the time that we publish to the market for the various warez sites to start tweeting the location of the download. I was wondering, after the first crack-run they obviously will have devised a crack-method, which means that every other app using AAL will be cracked within 90 seconds till a new version is released... A week of cracking will only be the case during the first attempt... -- You received this message because you are subscribed to the Google Groups Android Developers group. To post to this group, send email to android-developers@googlegroups.com To unsubscribe from this group, send email to android-developers+unsubscr...@googlegroups.com For more options, visit this group athttp://groups.google.com/group/android-developers?hl=en -- You received this message because you are subscribed to the Google Groups Android Developers group. To post to this group, send email to android-developers@googlegroups.com To unsubscribe from this group, send email to android-developers+unsubscr...@googlegroups.com For more options, visit this group athttp://groups.google.com/group/android-developers?hl=en -- You received this message because you are subscribed to the Google Groups Android Developers group. To post to this group, send email to android-developers@googlegroups.com To unsubscribe from this group, send email to android-developers+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/android-developers?hl=en
[android-developers] Re: I've found a way to stop piracy of my apps
Actually I think another pretty good solution is to simply put a date lock on the app, sort of how Astro works. What you do is make the app expire at a certain date. Before that date you release the next version with another lock moving forward. Maybe try a 2 or 3 month lock. Then when it does it simply asks the user to go to the market and update the app. If they are legit customers, that's easy, they just go an update it. But if they are pirated copies they wont be able to easily update it. -niko On May 10, 3:24 pm, niko20 nikolatesl...@yahoo.com wrote: Well I will say one thing, if it was opened up, that would allow each dev to make small code changes, so it would never be cookie cutter then...however, I am not against that you are trying to make some income from it, I mean you still did have to do the work. -niko On May 10, 10:06 am, dadical keyes...@gmail.com wrote: That argument assumes that I don't respond to those cracks with improvements to AAL that will make it more difficult! :) Also, each app will need to be cracked individually, and I'm trying to work out some ways to make that a job that isn't cookie-cutter. The point here is to get this past the pain threshold where it won't be worth the trouble for an app that is only a few bucks. This is fascinating stuff, but very, very non-lucrative. I don't really want to engage in this game, but I don't see an alternative until it gets solved at the platform level. Given the lack of commercial interest (and the prodding of several smart devs), I've considered opening this up, but I'm not sure how to do that without it simply lowering the barrier for pirates. On May 10, 3:55 am, MobDev developm...@mobilaria.com wrote: It took several days (almost a week) for crackers to decompile Screebl Pro and find a way to circumvent AAL. Typically it takes about 90 secs from the time that we publish to the market for the various warez sites to start tweeting the location of the download. I was wondering, after the first crack-run they obviously will have devised a crack-method, which means that every other app using AAL will be cracked within 90 seconds till a new version is released... A week of cracking will only be the case during the first attempt... -- You received this message because you are subscribed to the Google Groups Android Developers group. To post to this group, send email to android-developers@googlegroups.com To unsubscribe from this group, send email to android-developers+unsubscr...@googlegroups.com For more options, visit this group athttp://groups.google.com/group/android-developers?hl=en -- You received this message because you are subscribed to the Google Groups Android Developers group. To post to this group, send email to android-developers@googlegroups.com To unsubscribe from this group, send email to android-developers+unsubscr...@googlegroups.com For more options, visit this group athttp://groups.google.com/group/android-developers?hl=en -- You received this message because you are subscribed to the Google Groups Android Developers group. To post to this group, send email to android-developers@googlegroups.com To unsubscribe from this group, send email to android-developers+unsubscr...@googlegroups.com For more options, visit this group athttp://groups.google.com/group/android-developers?hl=en -- You received this message because you are subscribed to the Google Groups Android Developers group. To post to this group, send email to android-developers@googlegroups.com To unsubscribe from this group, send email to android-developers+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/android-developers?hl=en
[android-developers] Re: I've found a way to stop piracy of my apps
That works in most cases but not in a significant number of other cases. Consider users who go on an extended holiday to a non-paid app country. Astro works partly because its free. But then there is also the situation where you go on holiday and are using your phone offline. Then all of a sudden certain apps expire and you're faced with either expensive roaming charges (to update) or being without your favourite app(s). Also remember that in China, Google Sync (and therefore Android Market) is often blocked. On May 10, 10:29 pm, niko20 nikolatesl...@yahoo.com wrote: Actually I think another pretty good solution is to simply put a date lock on the app, sort of how Astro works. What you do is make the app expire at a certain date. Before that date you release the next version with another lock moving forward. Maybe try a 2 or 3 month lock. Then when it does it simply asks the user to go to the market and update the app. If they are legit customers, that's easy, they just go an update it. But if they are pirated copies they wont be able to easily update it. -niko On May 10, 3:24 pm, niko20 nikolatesl...@yahoo.com wrote: Well I will say one thing, if it was opened up, that would allow each dev to make small code changes, so it would never be cookie cutter then...however, I am not against that you are trying to make some income from it, I mean you still did have to do the work. -niko On May 10, 10:06 am, dadical keyes...@gmail.com wrote: That argument assumes that I don't respond to those cracks with improvements to AAL that will make it more difficult! :) Also, each app will need to be cracked individually, and I'm trying to work out some ways to make that a job that isn't cookie-cutter. The point here is to get this past the pain threshold where it won't be worth the trouble for an app that is only a few bucks. This is fascinating stuff, but very, very non-lucrative. I don't really want to engage in this game, but I don't see an alternative until it gets solved at the platform level. Given the lack of commercial interest (and the prodding of several smart devs), I've considered opening this up, but I'm not sure how to do that without it simply lowering the barrier for pirates. On May 10, 3:55 am, MobDev developm...@mobilaria.com wrote: It took several days (almost a week) for crackers to decompile Screebl Pro and find a way to circumvent AAL. Typically it takes about 90 secs from the time that we publish to the market for the various warez sites to start tweeting the location of the download. I was wondering, after the first crack-run they obviously will have devised a crack-method, which means that every other app using AAL will be cracked within 90 seconds till a new version is released... A week of cracking will only be the case during the first attempt... -- You received this message because you are subscribed to the Google Groups Android Developers group. To post to this group, send email to android-developers@googlegroups.com To unsubscribe from this group, send email to android-developers+unsubscr...@googlegroups.com For more options, visit this group athttp://groups.google.com/group/android-developers?hl=en -- You received this message because you are subscribed to the Google Groups Android Developers group. To post to this group, send email to android-developers@googlegroups.com To unsubscribe from this group, send email to android-developers+unsubscr...@googlegroups.com For more options, visit this group athttp://groups.google.com/group/android-developers?hl=en -- You received this message because you are subscribed to the Google Groups Android Developers group. To post to this group, send email to android-developers@googlegroups.com To unsubscribe from this group, send email to android-developers+unsubscr...@googlegroups.com For more options, visit this group athttp://groups.google.com/group/android-developers?hl=en -- You received this message because you are subscribed to the Google Groups Android Developers group. To post to this group, send email to android-developers@googlegroups.com To unsubscribe from this group, send email to android-developers+unsubscr...@googlegroups.com For more options, visit this group athttp://groups.google.com/group/android-developers?hl=en -- You received this message because you are subscribed to the Google Groups Android Developers group. To post to this group, send email to android-developers@googlegroups.com To unsubscribe from this group, send email to android-developers+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/android-developers?hl=en
[android-developers] Re: I've found a way to stop piracy of my apps
Without introducing any new content - it makes it a very desirable target for patching. A simple patch will make sure the date check doesn't matter, and if you aren't introducing any new functionality, then there isn't a real reason for the user to upgrade. IMHO your just asking people to get fed up with the fake updates and patch it. -Tim On May 10, 4:29 pm, niko20 nikolatesl...@yahoo.com wrote: Actually I think another pretty good solution is to simply put a date lock on the app, sort of how Astro works. What you do is make the app expire at a certain date. Before that date you release the next version with another lock moving forward. Maybe try a 2 or 3 month lock. Then when it does it simply asks the user to go to the market and update the app. If they are legit customers, that's easy, they just go an update it. But if they are pirated copies they wont be able to easily update it. -niko On May 10, 3:24 pm, niko20 nikolatesl...@yahoo.com wrote: Well I will say one thing, if it was opened up, that would allow each dev to make small code changes, so it would never be cookie cutter then...however, I am not against that you are trying to make some income from it, I mean you still did have to do the work. -niko On May 10, 10:06 am, dadical keyes...@gmail.com wrote: That argument assumes that I don't respond to those cracks with improvements to AAL that will make it more difficult! :) Also, each app will need to be cracked individually, and I'm trying to work out some ways to make that a job that isn't cookie-cutter. The point here is to get this past the pain threshold where it won't be worth the trouble for an app that is only a few bucks. This is fascinating stuff, but very, very non-lucrative. I don't really want to engage in this game, but I don't see an alternative until it gets solved at the platform level. Given the lack of commercial interest (and the prodding of several smart devs), I've considered opening this up, but I'm not sure how to do that without it simply lowering the barrier for pirates. On May 10, 3:55 am, MobDev developm...@mobilaria.com wrote: It took several days (almost a week) for crackers to decompile Screebl Pro and find a way to circumvent AAL. Typically it takes about 90 secs from the time that we publish to the market for the various warez sites to start tweeting the location of the download. I was wondering, after the first crack-run they obviously will have devised a crack-method, which means that every other app using AAL will be cracked within 90 seconds till a new version is released... A week of cracking will only be the case during the first attempt... -- You received this message because you are subscribed to the Google Groups Android Developers group. To post to this group, send email to android-developers@googlegroups.com To unsubscribe from this group, send email to android-developers+unsubscr...@googlegroups.com For more options, visit this group athttp://groups.google.com/group/android-developers?hl=en -- You received this message because you are subscribed to the Google Groups Android Developers group. To post to this group, send email to android-developers@googlegroups.com To unsubscribe from this group, send email to android-developers+unsubscr...@googlegroups.com For more options, visit this group athttp://groups.google.com/group/android-developers?hl=en -- You received this message because you are subscribed to the Google Groups Android Developers group. To post to this group, send email to android-developers@googlegroups.com To unsubscribe from this group, send email to android-developers+unsubscr...@googlegroups.com For more options, visit this group athttp://groups.google.com/group/android-developers?hl=en -- You received this message because you are subscribed to the Google Groups Android Developers group. To post to this group, send email to android-developers@googlegroups.com To unsubscribe from this group, send email to android-developers+unsubscr...@googlegroups.com For more options, visit this group athttp://groups.google.com/group/android-developers?hl=en -- You received this message because you are subscribed to the Google Groups Android Developers group. To post to this group, send email to android-developers@googlegroups.com To unsubscribe from this group, send email to android-developers+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/android-developers?hl=en
[android-developers] Re: I've found a way to stop piracy of my apps
I'm wondering how you know the piracy rate of your app. Is there a way to track that? I'd love to know if my apps are being pirated or not. On May 5, 9:20 am, dadical keyes...@gmail.com wrote: I've spent the last few weeks developing a new tool to stoppiracyof my paid apps on the Android Market. In a nutshell, licensing is tied directly to purchase verification. There is no license server to manage, no key for the user to enter. User experience is basically uninterrupted from normal application purchase. I'm excited about this, as my paid apps are now reachingpiracyrates as high as 90% on some days,with the average somewhere around 75%. For pirated apps, purchase verification (and subsequently licensing) will fail after a certain number of attempts, and pirates will be left with anything from a buy me nag, to a disabled app (behavior is configurable). Android Market is the only supported purchase validation target so far. Others will be forthcoming if demand warrants. This isn't a perfect solution (I have yet to find a perfect licensing solution), but I feel it is the best balance of security, features, and workflow that I've seen to date. You can find a write up, download, and purchasing information here:http://keyeslabs.com/joomla/index.php/projects/auto-app-licensing I'll be looking forward to the comments, suggestions, and death threats. -- You received this message because you are subscribed to the Google Groups Android Developers group. To post to this group, send email to android-developers@googlegroups.com To unsubscribe from this group, send email to android-developers+unsubscr...@googlegroups.com For more options, visit this group athttp://groups.google.com/group/android-developers?hl=en -- You received this message because you are subscribed to the Google Groups Android Developers group. To post to this group, send email to android-developers@googlegroups.com To unsubscribe from this group, send email to android-developers+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/android-developers?hl=en
[android-developers] Re: I've found a way to stop piracy of my apps
That's easy. Install flurry or the likes, compare reported daily new installs to what you see reported by Google checkout. On May 9, 4:28 pm, Stephen Lebed srle...@gmail.com wrote: I'm wondering how you know the piracy rate of your app. Is there a way to track that? I'd love to know if my apps are being pirated or not. On May 5, 9:20 am, dadical keyes...@gmail.com wrote: I've spent the last few weeks developing a new tool to stoppiracyof my paid apps on the Android Market. In a nutshell, licensing is tied directly to purchase verification. There is no license server to manage, no key for the user to enter. User experience is basically uninterrupted from normal application purchase. I'm excited about this, as my paid apps are now reachingpiracyrates as high as 90% on some days,with the average somewhere around 75%. For pirated apps, purchase verification (and subsequently licensing) will fail after a certain number of attempts, and pirates will be left with anything from a buy me nag, to a disabled app (behavior is configurable). Android Market is the only supported purchase validation target so far. Others will be forthcoming if demand warrants. This isn't a perfect solution (I have yet to find a perfect licensing solution), but I feel it is the best balance of security, features, and workflow that I've seen to date. You can find a write up, download, and purchasing information here:http://keyeslabs.com/joomla/index.php/projects/auto-app-licensing I'll be looking forward to the comments, suggestions, and death threats. -- You received this message because you are subscribed to the Google Groups Android Developers group. To post to this group, send email to android-developers@googlegroups.com To unsubscribe from this group, send email to android-developers+unsubscr...@googlegroups.com For more options, visit this group athttp://groups.google.com/group/android-developers?hl=en -- You received this message because you are subscribed to the Google Groups Android Developers group. To post to this group, send email to android-developers@googlegroups.com To unsubscribe from this group, send email to android-developers+unsubscr...@googlegroups.com For more options, visit this group athttp://groups.google.com/group/android-developers?hl=en -- You received this message because you are subscribed to the Google Groups Android Developers group. To post to this group, send email to android-developers@googlegroups.com To unsubscribe from this group, send email to android-developers+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/android-developers?hl=en
Re: [android-developers] Re: I've found a way to stop piracy of my apps
On Wed, May 5, 2010 at 2:49 PM, Marcut Andrei andreimar...@gmail.comwrote: Shane, You must be using your signature for the same? Looks like you are just trying to cast some vague doubts on SlideLock and SlideME [...] I prefer to stop here. I didn't say a word about SlideLock, so your point is completely off target. As members of this community know, I come out and say what I mean. If I had a problem with SlideLock, I would have said it. Do you do work for SlideME by the way? Thanks, -- Shane Isbell (Founder of ZappMarket) http://twitter.com/sisbell http://twitter.com/zappstore http://zappmarket.com -- You received this message because you are subscribed to the Google Groups Android Developers group. To post to this group, send email to android-developers@googlegroups.com To unsubscribe from this group, send email to android-developers+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/android-developers?hl=en
Re: [android-developers] Re: I've found a way to stop piracy of my apps
On Sun, May 9, 2010 at 5:23 PM, Shane Isbell shane.isb...@gmail.com wrote: On Wed, May 5, 2010 at 2:49 PM, Marcut Andrei andreimar...@gmail.comwrote: Shane, You must be using your signature for the same? Looks like you are just trying to cast some vague doubts on SlideLock and SlideME [...] I prefer to stop here. I didn't say a word about SlideLock, so your point is completely off target. As members of this community know, I come out and say what I mean. If I had a problem with SlideLock, I would have said it. Do you do work for SlideME by the way? I checked. Markus you do work for SlideME. You should have disclosed this information. -- Shane Isbell (Founder of ZappMarket) http://twitter.com/sisbell http://twitter.com/zappstore http://zappmarket.com -- You received this message because you are subscribed to the Google Groups Android Developers group. To post to this group, send email to android-developers@googlegroups.com To unsubscribe from this group, send email to android-developers+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/android-developers?hl=en
[android-developers] Re: I've found a way to stop piracy of my apps
As an aside, why don't google provide their own official API to allow apps to check with the market whether they've been purchased or not ? Perhaps it's the 'any security which can be conceivably broken is useless' line ? I would be happy with any protection mechanism which forced my apk to be hacked in order to install it on a non-rooted phone, instead of the current 'just copy it over, it'll work fine' situation. I don't need 100% security. Lee -- You received this message because you are subscribed to the Google Groups Android Developers group. To post to this group, send email to android-developers@googlegroups.com To unsubscribe from this group, send email to android-developers+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/android-developers?hl=en
[android-developers] Re: I've found a way to stop piracy of my apps
I most certainly did NOT use code from that project. I rolled my own, thank you very much. Take a look at that project. It's over 600k. AAL is 36k. I wrote my own implementation of ProtoBuf to pull this off, and that is no small undertaking. I did initially consider using that project, but came to the conclusion fairly quickly that it was just too fat. There is not a single piece of code from that project in AAL. On May 6, 3:36 am, a1 arco...@gmail.com wrote: On May 5, 8:09 pm, dadical keyes...@gmail.com wrote: Hey Tim. You're correct that validating purchase with the market is a key piece of our solution. Figuring out how exactly to do that using Google's binary market protocol in an efficient way (try doing everything that AAL does in a 35 KB library) was a fairly significant dev effort. What's more, balancing license generation, market API security, cross- Android version compatibility, customization, etc., and you've got a nice little chunk of work that we put into this solution. As for pricing, we'll see what the market will support. In our own single app Screebl, we lose about $100/day in revenue to pirated apps, so $50 seems cheap. I know that not all of that $100 will translate into sales, but some percentage will. My point is it shouldn't take long for AAL to pay for itself. Are you kidding me? You used code from this project:http://code.google.com/p/android-market-api/[you even left the same UA spoof], and whats more important you are trying to charge for solution that uses undocuemented google APIs (hence illegal), which not only may change at any time but also using it may be legitimate reason to block app from android market. -- Bart Janusz (Beepstreet) -- You received this message because you are subscribed to the Google Groups Android Developers group. To post to this group, send email to android-developers@googlegroups.com To unsubscribe from this group, send email to android-developers+unsubscr...@googlegroups.com For more options, visit this group athttp://groups.google.com/group/android-developers?hl=en -- You received this message because you are subscribed to the Google Groups Android Developers group. To post to this group, send email to android-developers@googlegroups.com To unsubscribe from this group, send email to android-developers+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/android-developers?hl=en
[android-developers] Re: I've found a way to stop piracy of my apps
Hello Lee. Regardless of whether anyone purchases AAL, it has been a worthwhile investment for us. It took several days (almost a week) for crackers to decompile Screebl Pro and find a way to circumvent AAL. Typically it takes about 90 secs from the time that we publish to the market for the various warez sites to start tweeting the location of the download. I have a feeling that the open source market api is involved in that scenario for sure. As you've said, AAL is not fail proof, but I continue to improve it, and my latest releases will make it even more challenging to reverse engineer. AAL is a big stumbling block, but a market API alone is not worthy of a Google anti-piracy solution. They will need to do the same as AAL but also go much further to guarantee that apks aren't modified (e.g., cracked). One way to to do this would be to have the platform calculate a hash of the installed apk and validate that against what was purchased on the market. This is going to require deep integration in the platform and the market to kick it in the arse for good. Loving the feedback! On May 7, 6:09 am, Lee lee.wil...@googlemail.com wrote: As an aside, why don't google provide their own official API to allow apps to check with the market whether they've been purchased or not ? Perhaps it's the 'any security which can be conceivably broken is useless' line ? I would be happy with any protection mechanism which forced my apk to be hacked in order to install it on a non-rooted phone, instead of the current 'just copy it over, it'll work fine' situation. I don't need 100% security. Lee -- You received this message because you are subscribed to the Google Groups Android Developers group. To post to this group, send email to android-developers@googlegroups.com To unsubscribe from this group, send email to android-developers+unsubscr...@googlegroups.com For more options, visit this group athttp://groups.google.com/group/android-developers?hl=en -- You received this message because you are subscribed to the Google Groups Android Developers group. To post to this group, send email to android-developers@googlegroups.com To unsubscribe from this group, send email to android-developers+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/android-developers?hl=en
[android-developers] Re: I've found a way to stop piracy of my apps
You've pretty much got the major parts down. We validate with Google market servers using a hand-rolled and highly-efficient implementation of Google's binary protobuf protocol. Once the hard part (validation of purchase) is done, a unique key that is tied to user, phone, and app is generated, which is valid for a bit more than 24 hours. After that 24 hour period, purchase validation is done again, and then a permanent key is generated that doesn't require communication with the server again for that installation of the app on that phone. If the user changes phones, the same process will repeat. Successful licensing requires visibility of the app from the device on Android market, given the device id, build number and other criteria. AAL makes efforts to never send a request to the server more than once every 30 seconds. Failure policy is up to the developer. I suggest at this point using a nag policy, which won't lock the user out, but forces them to stare at a buy my app invitation for some configurable period of time. As with all of my software however, things like this are configurable. There are also other features that I'm not going to cover here that make an attempt detect cracking, and disable the app at some random time in the future if it is detected. I'm going to be iterating on this stuff over the next few weeks as the evil-doers take swings at AAL. Hope that helps! I'm going to be scrambling to write docs this weekend. At this point there seems to be lots of interest, but little willingness to bundle in apps. I suppose I understand that given the newness and the lack of detailed information. Dave On May 6, 2:22 am, Edward Falk ed.f...@gmail.com wrote: Intriguing. I was wondering if maybe you could add a blurb to your web site explaining in simple terms how it works. E.g. when the API is called, it communicates with the Android Market to verify your key; once verified, the verification code is remembered so that no further calls to the market are needed. Or perhaps instead of Android Market, it's our servers. Or whatever. How *does* it work? And if it's your servers (or even the Android Market), what happens to users when the servers go down? This is the biggest problem with any kind of server-based DRM. Do they lose their apps? Is there an alternative recovery plan? -- You received this message because you are subscribed to the Google Groups Android Developers group. To post to this group, send email to android-developers@googlegroups.com To unsubscribe from this group, send email to android-developers+unsubscr...@googlegroups.com For more options, visit this group athttp://groups.google.com/group/android-developers?hl=en -- You received this message because you are subscribed to the Google Groups Android Developers group. To post to this group, send email to android-developers@googlegroups.com To unsubscribe from this group, send email to android-developers+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/android-developers?hl=en
[android-developers] Re: I've found a way to stop piracy of my apps
Shane, You must be using your signature for the same? Looks like you are just trying to cast some vague doubts on SlideLock and SlideME [...] I prefer to stop here. The feedback from SlideME is valid, and the author welcomes it, otherwise why would he open such a thread? Is spreading a word about technologies a crime? And feedback too? In the end it is all about Google not sustaining their services, while there is such a big demand... Cheers, Markus. -- You received this message because you are subscribed to the Google Groups Android Developers group. To post to this group, send email to android-developers@googlegroups.com To unsubscribe from this group, send email to android-developers+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/android-developers?hl=en
[android-developers] Re: I've found a way to stop piracy of my apps
I like the idea. And the licensing price isn't bad if it meets ones needs. I'm looking myself for a solution that will unlock a time limited version. It's been discussed how some are using a license key app to unlock a demo app. I suppose this scheme could work if you put the purchase verification into the the license key app. It's worth asking, has anyone used the Google Checkout API for purchase verification? I wanted to know before I explore that too far. Nathan -- You received this message because you are subscribed to the Google Groups Android Developers group. To post to this group, send email to android-developers@googlegroups.com To unsubscribe from this group, send email to android-developers+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/android-developers?hl=en
[android-developers] Re: I've found a way to stop piracy of my apps
Intriguing. I was wondering if maybe you could add a blurb to your web site explaining in simple terms how it works. E.g. when the API is called, it communicates with the Android Market to verify your key; once verified, the verification code is remembered so that no further calls to the market are needed. Or perhaps instead of Android Market, it's our servers. Or whatever. How *does* it work? And if it's your servers (or even the Android Market), what happens to users when the servers go down? This is the biggest problem with any kind of server-based DRM. Do they lose their apps? Is there an alternative recovery plan? -- You received this message because you are subscribed to the Google Groups Android Developers group. To post to this group, send email to android-developers@googlegroups.com To unsubscribe from this group, send email to android-developers+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/android-developers?hl=en
[android-developers] Re: I've found a way to stop piracy of my apps
How about users who go from using a paid-app-country sim card to a non- paid-app-country sim card? In such a case, the app is no longer visible on the Market? I guess your answer to this would be its up to the developer to decide how to handle such a license check failure but in reality the user would demand that the app still works and so the dev would be pretty much forced on the issue: i.e. validate once straight after install and then future fails are allowed. -- You received this message because you are subscribed to the Google Groups Android Developers group. To post to this group, send email to android-developers@googlegroups.com To unsubscribe from this group, send email to android-developers+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/android-developers?hl=en
[android-developers] Re: I've found a way to stop piracy of my apps
On May 5, 8:09 pm, dadical keyes...@gmail.com wrote: Hey Tim. You're correct that validating purchase with the market is a key piece of our solution. Figuring out how exactly to do that using Google's binary market protocol in an efficient way (try doing everything that AAL does in a 35 KB library) was a fairly significant dev effort. What's more, balancing license generation, market API security, cross- Android version compatibility, customization, etc., and you've got a nice little chunk of work that we put into this solution. As for pricing, we'll see what the market will support. In our own single app Screebl, we lose about $100/day in revenue to pirated apps, so $50 seems cheap. I know that not all of that $100 will translate into sales, but some percentage will. My point is it shouldn't take long for AAL to pay for itself. Are you kidding me? You used code from this project: http://code.google.com/p/android-market-api/ [you even left the same UA spoof], and whats more important you are trying to charge for solution that uses undocuemented google APIs (hence illegal), which not only may change at any time but also using it may be legitimate reason to block app from android market. -- Bart Janusz (Beepstreet) -- You received this message because you are subscribed to the Google Groups Android Developers group. To post to this group, send email to android-developers@googlegroups.com To unsubscribe from this group, send email to android-developers+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/android-developers?hl=en
Re: [android-developers] Re: I've found a way to stop piracy of my apps
I believe that every DRM is something that IMHO Google HAVE to SOLVE. Every independent solution is just a hack that may stop working anytime Google wants. Sorry. Tom On Thu, May 6, 2010 at 9:22 AM, westmeadboy westmead...@yahoo.co.uk wrote: How about users who go from using a paid-app-country sim card to a non- paid-app-country sim card? In such a case, the app is no longer visible on the Market? I guess your answer to this would be its up to the developer to decide how to handle such a license check failure but in reality the user would demand that the app still works and so the dev would be pretty much forced on the issue: i.e. validate once straight after install and then future fails are allowed. -- You received this message because you are subscribed to the Google Groups Android Developers group. To post to this group, send email to android-developers@googlegroups.com To unsubscribe from this group, send email to android-developers+unsubscr...@googlegroups.comandroid-developers%2bunsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/android-developers?hl=en -- --- Tom Hubalek (tom.huba...@gmail.com), http://blog.hubalek.net/ http://facebook.com/thubalek, http://twitter.com/thubalek http://www.linkedin.com/in/thubalek -- You received this message because you are subscribed to the Google Groups Android Developers group. To post to this group, send email to android-developers@googlegroups.com To unsubscribe from this group, send email to android-developers+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/android-developers?hl=en
[android-developers] Re: I've found a way to stop piracy of my apps
It uses this project: http://code.google.com/p/android-market-api/, you can do same, just note that in proto purchased field is missing, but you can simply extend App message in market.proto, purchased field has id 34. -- Regards, Bart Janusz (Beepstreet) On May 6, 8:22 am, Edward Falk ed.f...@gmail.com wrote: Intriguing. I was wondering if maybe you could add a blurb to your web site explaining in simple terms how it works. E.g. when the API is called, it communicates with the Android Market to verify your key; once verified, the verification code is remembered so that no further calls to the market are needed. Or perhaps instead of Android Market, it's our servers. Or whatever. How *does* it work? And if it's your servers (or even the Android Market), what happens to users when the servers go down? This is the biggest problem with any kind of server-based DRM. Do they lose their apps? Is there an alternative recovery plan? -- You received this message because you are subscribed to the Google Groups Android Developers group. To post to this group, send email to android-developers@googlegroups.com To unsubscribe from this group, send email to android-developers+unsubscr...@googlegroups.com For more options, visit this group athttp://groups.google.com/group/android-developers?hl=en -- You received this message because you are subscribed to the Google Groups Android Developers group. To post to this group, send email to android-developers@googlegroups.com To unsubscribe from this group, send email to android-developers+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/android-developers?hl=en
[android-developers] Re: I've found a way to stop piracy of my apps
As you could also note - there is nothing in Android-Market-Api's license against this type of use. Whether he used their code or not - I'm not sure, but basing it off of the User Agent is sort of a big leap of conclusions. That user agent is pretty common on the android devices ;) It's not as if the user-agent is Android-Market-Api-v1. -Tim On May 6, 3:47 am, a1 arco...@gmail.com wrote: It uses this project:http://code.google.com/p/android-market-api/, you can do same, just note that in proto purchased field is missing, but you can simply extend App message in market.proto, purchased field has id 34. -- Regards, Bart Janusz (Beepstreet) On May 6, 8:22 am, Edward Falk ed.f...@gmail.com wrote: Intriguing. I was wondering if maybe you could add a blurb to your web site explaining in simple terms how it works. E.g. when the API is called, it communicates with the Android Market to verify your key; once verified, the verification code is remembered so that no further calls to the market are needed. Or perhaps instead of Android Market, it's our servers. Or whatever. How *does* it work? And if it's your servers (or even the Android Market), what happens to users when the servers go down? This is the biggest problem with any kind of server-based DRM. Do they lose their apps? Is there an alternative recovery plan? -- You received this message because you are subscribed to the Google Groups Android Developers group. To post to this group, send email to android-developers@googlegroups.com To unsubscribe from this group, send email to android-developers+unsubscr...@googlegroups.com For more options, visit this group athttp://groups.google.com/group/android-developers?hl=en -- You received this message because you are subscribed to the Google Groups Android Developers group. To post to this group, send email to android-developers@googlegroups.com To unsubscribe from this group, send email to android-developers+unsubscr...@googlegroups.com For more options, visit this group athttp://groups.google.com/group/android-developers?hl=en -- You received this message because you are subscribed to the Google Groups Android Developers group. To post to this group, send email to android-developers@googlegroups.com To unsubscribe from this group, send email to android-developers+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/android-developers?hl=en
[android-developers] Re: I've found a way to stop piracy of my apps
On May 6, 9:18 pm, strazzere str...@gmail.com wrote: As you could also note - there is nothing in Android-Market-Api's license against this type of use. Yes there is, google APIs services in point 5.3 states that you are not allowed to use undocumented APIs: 5.3 You agree not to access (or attempt to access) any of the Services by any means other than through the interface that is provided by Google, unless you have been specifically allowed to do so in a separate agreement with Google. You specifically agree not to access (or attempt to access) any of the Services through any automated means (including use of scripts or web crawlers) and shall ensure that you comply with the instructions set out in any robots.txt file present on the Services. moreover in point 5.5: 5.5 Unless you have been specifically permitted to do so in a separate agreement with Google, you agree that you will not reproduce, duplicate, copy, sell, trade or resell the Services for any purpose. Whether he used their code or not - I'm not sure, but basing it off of the User Agent is sort of a big leap of conclusions. That user agent is pretty common on the android devices ;) No, each device uses different UA string when executing market request (it contains device name and build id), therefore there is a lot of possible combination that can be used. Also library that this guy try to sell is based on google's protobuf, which android market api project also uses. Don't get me wrong I have game on android market, it features online highscore and each online highscore entry stores AID (for identification purposes), with 10k legitimate copies I've counted 16k distinct AIDs in database that means that at lease 6k (probably more as not everybody uses highscore) copies were pirated, so I'd really welcome some form of DRM, but charging $300 for lib that reuses some open source project (without mentioning it) and which legality is at least disputable (due to usage of undocumented google service) is kind of shady. -- Regards, Bart Janusz (Beepstreet) -- You received this message because you are subscribed to the Google Groups Android Developers group. To post to this group, send email to android-developers@googlegroups.com To unsubscribe from this group, send email to android-developers+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/android-developers?hl=en
[android-developers] Re: I've found a way to stop piracy of my apps
Yes there is, google APIs services in point 5.3 states that you are not allowed to use undocumented APIs: Ah, I'm talking specifically about the google code project android- market-api. No, each device uses different UA string when executing market request (it contains device name and build id), therefore there is a lot of possible combination that can be used. Also library that this guy try to sell is based on google's protobuf, which android market api project also uses. I know and understand that - but that's the user-agent tossed around online all the time ;) Don't get me wrong I have game on android market, it features online highscore and each online highscore entry stores AID (for identification purposes), with 10k legitimate copies I've counted 16k distinct AIDs in database that means that at lease 6k (probably more as not everybody uses highscore) copies were pirated, so I'd really welcome some form of DRM, but charging $300 for lib that reuses some open source project (without mentioning it) and which legality is at least disputable (due to usage of undocumented google service) is kind of shady. I've already agreed it's pretty expensive for the idea that it is. There isn't really any proof that it is reusing the code - and even if it is, it isn't required by that license to disclose it. They should - if it is based off of it, but well, that's the world. There are tons of open source projects and even android specific ones people rip off and never even mention where the code comes from. As a side note to the legality of this DRM (i.e. using undocumented google service). I don't think this is a blip on googles radar - don't you think they'd have shut down the google-code project you think it's based off of first? My 2 cents - I'm not disagreeing with you, I think it's a big overcharge too :) -Tim -- You received this message because you are subscribed to the Google Groups Android Developers group. To post to this group, send email to android-developers@googlegroups.com To unsubscribe from this group, send email to android-developers+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/android-developers?hl=en
[android-developers] Re: I've found a way to stop piracy of my apps
I don't think it's overcharge, BUT I think excusing for 'high' cost with high piracy doesn't sound fair. It sounds like piracy would help the sales of your product. -- You received this message because you are subscribed to the Google Groups Android Developers group. To post to this group, send email to android-developers@googlegroups.com To unsubscribe from this group, send email to android-developers+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/android-developers?hl=en
Re: [android-developers] Re: I've found a way to stop piracy of my apps
On Thu, May 6, 2010 at 4:12 PM, appforce.org ogi.andr...@gmail.com wrote: It sounds like piracy would help the sales of your product. Care to elaborate on this golden nugget? - TreKing - Chicago transit tracking app for Android-powered devices http://sites.google.com/site/rezmobileapps/treking -- You received this message because you are subscribed to the Google Groups Android Developers group. To post to this group, send email to android-developers@googlegroups.com To unsubscribe from this group, send email to android-developers+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/android-developers?hl=en
Re: [android-developers] Re: I've found a way to stop piracy of my apps
I imagine he means: Without any piracy, dadical wouldn't have anyone to sell his anti-piracy solution to. With more rampant piracy, he'll have a larger potential customer base - Dan On Thu, May 6, 2010 at 5:26 PM, TreKing treking...@gmail.com wrote: On Thu, May 6, 2010 at 4:12 PM, appforce.org ogi.andr...@gmail.comwrote: It sounds like piracy would help the sales of your product. Care to elaborate on this golden nugget? - TreKing - Chicago transit tracking app for Android-powered devices http://sites.google.com/site/rezmobileapps/treking -- You received this message because you are subscribed to the Google Groups Android Developers group. To post to this group, send email to android-developers@googlegroups.com To unsubscribe from this group, send email to android-developers+unsubscr...@googlegroups.comandroid-developers%2bunsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/android-developers?hl=en -- You received this message because you are subscribed to the Google Groups Android Developers group. To post to this group, send email to android-developers@googlegroups.com To unsubscribe from this group, send email to android-developers+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/android-developers?hl=en
Re: [android-developers] Re: I've found a way to stop piracy of my apps
On Thu, May 6, 2010 at 4:29 PM, Dan Sherman impact...@gmail.com wrote: I imagine he means: Without any piracy, dadical wouldn't have anyone to sell his anti-piracy solution to. With more rampant piracy, he'll have a larger potential customer base Ah, that makes much more sense than having your app pirated helps your app sales, which is what I got from reading that statement. I was confused =P Don't mind me - carry on. - TreKing - Chicago transit tracking app for Android-powered devices http://sites.google.com/site/rezmobileapps/treking -- You received this message because you are subscribed to the Google Groups Android Developers group. To post to this group, send email to android-developers@googlegroups.com To unsubscribe from this group, send email to android-developers+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/android-developers?hl=en
[android-developers] Re: I've found a way to stop piracy of my apps
I suggest that before anyone implements this licensing scheme, they consider carefully that it does in fact break the terms agreement in that it uses an unpublished and private API to access the Android market servers. With that said, I would also say that it's highly likely that Google will make the market API public soon, perhaps as soon as this month during Google IO. Keep that in mind before putting the cart before the horse with this well intentioned but perhaps premature licensing scheme. -John Coryat On May 6, 2:47 am, a1 arco...@gmail.com wrote: It uses this project:http://code.google.com/p/android-market-api/, you can do same, just note that in proto purchased field is missing, but you can simply extend App message in market.proto, purchased field has id 34. -- Regards, Bart Janusz (Beepstreet) On May 6, 8:22 am, Edward Falk ed.f...@gmail.com wrote: Intriguing. I was wondering if maybe you could add a blurb to your web site explaining in simple terms how it works. E.g. when the API is called, it communicates with the Android Market to verify your key; once verified, the verification code is remembered so that no further calls to the market are needed. Or perhaps instead of Android Market, it's our servers. Or whatever. How *does* it work? And if it's your servers (or even the Android Market), what happens to users when the servers go down? This is the biggest problem with any kind of server-based DRM. Do they lose their apps? Is there an alternative recovery plan? -- You received this message because you are subscribed to the Google Groups Android Developers group. To post to this group, send email to android-developers@googlegroups.com To unsubscribe from this group, send email to android-developers+unsubscr...@googlegroups.com For more options, visit this group athttp://groups.google.com/group/android-developers?hl=en -- You received this message because you are subscribed to the Google Groups Android Developers group. To post to this group, send email to android-developers@googlegroups.com To unsubscribe from this group, send email to android-developers+unsubscr...@googlegroups.com For more options, visit this group athttp://groups.google.com/group/android-developers?hl=en -- You received this message because you are subscribed to the Google Groups Android Developers group. To post to this group, send email to android-developers@googlegroups.com To unsubscribe from this group, send email to android-developers+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/android-developers?hl=en
[android-developers] Re: I've found a way to stop piracy of my apps
Non-Android Market solutions would be more interesting to me. I'd like some way to stick an apk on my website and allow users to pay using paypal. Everything else would work seamlessly... On May 4, 11:20 pm, dadical keyes...@gmail.com wrote: I've spent the last few weeks developing a new tool to stop piracy of my paid apps on the Android Market. In a nutshell, licensing is tied directly to purchase verification. There is no license server to manage, no key for the user to enter. User experience is basically uninterrupted from normal application purchase. I'm excited about this, as my paid apps are now reaching piracy rates as high as 90% on some days,with the average somewhere around 75%. For pirated apps, purchase verification (and subsequently licensing) will fail after a certain number of attempts, and pirates will be left with anything from a buy me nag, to a disabled app (behavior is configurable). Android Market is the only supported purchase validation target so far. Others will be forthcoming if demand warrants. This isn't a perfect solution (I have yet to find a perfect licensing solution), but I feel it is the best balance of security, features, and workflow that I've seen to date. You can find a write up, download, and purchasing information here:http://keyeslabs.com/joomla/index.php/projects/auto-app-licensing I'll be looking forward to the comments, suggestions, and death threats. -- You received this message because you are subscribed to the Google Groups Android Developers group. To post to this group, send email to android-developers@googlegroups.com To unsubscribe from this group, send email to android-developers+unsubscr...@googlegroups.com For more options, visit this group athttp://groups.google.com/group/android-developers?hl=en -- You received this message because you are subscribed to the Google Groups Android Developers group. To post to this group, send email to android-developers@googlegroups.com To unsubscribe from this group, send email to android-developers+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/android-developers?hl=en
[android-developers] Re: I've found a way to stop piracy of my apps
That's a cool use case, but I'm curious about how commonly people sell apps that way. Are you doing this because of the limitations of where Android offers paid apps? Is it because of the costs involved in doing transactions on Android Market? I think that the value offered by Android Market only begins to be realized when your app makes into the rotation within the top 25 or so of any particular category. Said another way, 30% overhead is worth it if your volume is high enough. AAL is modular and can have additional validation targets, so doing validation through PayPal should be possible, although authentication would be the sticky part. AAL works so well with Android Market because it can use the user's existing account credentials when validating the purchase (i.e., no username/password required). On May 5, 7:48 am, westmeadboy westmead...@yahoo.co.uk wrote: Non-Android Market solutions would be more interesting to me. I'd like some way to stick an apk on my website and allow users to pay using paypal. Everything else would work seamlessly... On May 4, 11:20 pm, dadical keyes...@gmail.com wrote: I've spent the last few weeks developing a new tool to stoppiracyof my paid apps on the Android Market. In a nutshell, licensing is tied directly to purchase verification. There is no license server to manage, no key for the user to enter. User experience is basically uninterrupted from normal application purchase. I'm excited about this, as my paid apps are now reachingpiracyrates as high as 90% on some days,with the average somewhere around 75%. For pirated apps, purchase verification (and subsequently licensing) will fail after a certain number of attempts, and pirates will be left with anything from a buy me nag, to a disabled app (behavior is configurable). Android Market is the only supported purchase validation target so far. Others will be forthcoming if demand warrants. This isn't a perfect solution (I have yet to find a perfect licensing solution), but I feel it is the best balance of security, features, and workflow that I've seen to date. You can find a write up, download, and purchasing information here:http://keyeslabs.com/joomla/index.php/projects/auto-app-licensing I'll be looking forward to the comments, suggestions, and death threats. -- You received this message because you are subscribed to the Google Groups Android Developers group. To post to this group, send email to android-developers@googlegroups.com To unsubscribe from this group, send email to android-developers+unsubscr...@googlegroups.com For more options, visit this group athttp://groups.google.com/group/android-developers?hl=en -- You received this message because you are subscribed to the Google Groups Android Developers group. To post to this group, send email to android-developers@googlegroups.com To unsubscribe from this group, send email to android-developers+unsubscr...@googlegroups.com For more options, visit this group athttp://groups.google.com/group/android-developers?hl=en -- You received this message because you are subscribed to the Google Groups Android Developers group. To post to this group, send email to android-developers@googlegroups.com To unsubscribe from this group, send email to android-developers+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/android-developers?hl=en
[android-developers] Re: I've found a way to stop piracy of my apps
My apps haven't reached piracy rates that high (yet). But i'll keep an eye on your solution :-) Keep us updated. On May 4, 5:20 pm, dadical keyes...@gmail.com wrote: I've spent the last few weeks developing a new tool to stop piracy of my paid apps on the Android Market. In a nutshell, licensing is tied directly to purchase verification. There is no license server to manage, no key for the user to enter. User experience is basically uninterrupted from normal application purchase. I'm excited about this, as my paid apps are now reaching piracy rates as high as 90% on some days,with the average somewhere around 75%. For pirated apps, purchase verification (and subsequently licensing) will fail after a certain number of attempts, and pirates will be left with anything from a buy me nag, to a disabled app (behavior is configurable). Android Market is the only supported purchase validation target so far. Others will be forthcoming if demand warrants. This isn't a perfect solution (I have yet to find a perfect licensing solution), but I feel it is the best balance of security, features, and workflow that I've seen to date. You can find a write up, download, and purchasing information here:http://keyeslabs.com/joomla/index.php/projects/auto-app-licensing I'll be looking forward to the comments, suggestions, and death threats. -- You received this message because you are subscribed to the Google Groups Android Developers group. To post to this group, send email to android-developers@googlegroups.com To unsubscribe from this group, send email to android-developers+unsubscr...@googlegroups.com For more options, visit this group athttp://groups.google.com/group/android-developers?hl=en -- You received this message because you are subscribed to the Google Groups Android Developers group. To post to this group, send email to android-developers@googlegroups.com To unsubscribe from this group, send email to android-developers+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/android-developers?hl=en
[android-developers] Re: I've found a way to stop piracy of my apps
Looking at your documentation, I'm assuming your making a call to the market requesting the state of the application -- if I'm wrong, then just disregard this information. If I'm right, I guess my only question is why are you charging so much information for such a simplistic method? Don't get me wrong - that method would probably be the best one I've seen yet on the market, but that's still a nice chunk of money to charge for it. -Tim On May 4, 5:20 pm, dadical keyes...@gmail.com wrote: I've spent the last few weeks developing a new tool to stop piracy of my paid apps on the Android Market. In a nutshell, licensing is tied directly to purchase verification. There is no license server to manage, no key for the user to enter. User experience is basically uninterrupted from normal application purchase. I'm excited about this, as my paid apps are now reaching piracy rates as high as 90% on some days,with the average somewhere around 75%. For pirated apps, purchase verification (and subsequently licensing) will fail after a certain number of attempts, and pirates will be left with anything from a buy me nag, to a disabled app (behavior is configurable). Android Market is the only supported purchase validation target so far. Others will be forthcoming if demand warrants. This isn't a perfect solution (I have yet to find a perfect licensing solution), but I feel it is the best balance of security, features, and workflow that I've seen to date. You can find a write up, download, and purchasing information here:http://keyeslabs.com/joomla/index.php/projects/auto-app-licensing I'll be looking forward to the comments, suggestions, and death threats. -- You received this message because you are subscribed to the Google Groups Android Developers group. To post to this group, send email to android-developers@googlegroups.com To unsubscribe from this group, send email to android-developers+unsubscr...@googlegroups.com For more options, visit this group athttp://groups.google.com/group/android-developers?hl=en -- You received this message because you are subscribed to the Google Groups Android Developers group. To post to this group, send email to android-developers@googlegroups.com To unsubscribe from this group, send email to android-developers+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/android-developers?hl=en
[android-developers] Re: I've found a way to stop piracy of my apps
Hey Tim. You're correct that validating purchase with the market is a key piece of our solution. Figuring out how exactly to do that using Google's binary market protocol in an efficient way (try doing everything that AAL does in a 35 KB library) was a fairly significant dev effort. What's more, balancing license generation, market API security, cross- Android version compatibility, customization, etc., and you've got a nice little chunk of work that we put into this solution. As for pricing, we'll see what the market will support. In our own single app Screebl, we lose about $100/day in revenue to pirated apps, so $50 seems cheap. I know that not all of that $100 will translate into sales, but some percentage will. My point is it shouldn't take long for AAL to pay for itself. Dave On May 5, 1:23 pm, strazzere str...@gmail.com wrote: Looking at your documentation, I'm assuming your making a call to the market requesting the state of the application -- if I'm wrong, then just disregard this information. If I'm right, I guess my only question is why are you charging so much information for such a simplistic method? Don't get me wrong - that method would probably be the best one I've seen yet on the market, but that's still a nice chunk of money to charge for it. -Tim On May 4, 5:20 pm, dadical keyes...@gmail.com wrote: I've spent the last few weeks developing a new tool to stoppiracyof my paid apps on the Android Market. In a nutshell, licensing is tied directly to purchase verification. There is no license server to manage, no key for the user to enter. User experience is basically uninterrupted from normal application purchase. I'm excited about this, as my paid apps are now reachingpiracyrates as high as 90% on some days,with the average somewhere around 75%. For pirated apps, purchase verification (and subsequently licensing) will fail after a certain number of attempts, and pirates will be left with anything from a buy me nag, to a disabled app (behavior is configurable). Android Market is the only supported purchase validation target so far. Others will be forthcoming if demand warrants. This isn't a perfect solution (I have yet to find a perfect licensing solution), but I feel it is the best balance of security, features, and workflow that I've seen to date. You can find a write up, download, and purchasing information here:http://keyeslabs.com/joomla/index.php/projects/auto-app-licensing I'll be looking forward to the comments, suggestions, and death threats. -- You received this message because you are subscribed to the Google Groups Android Developers group. To post to this group, send email to android-developers@googlegroups.com To unsubscribe from this group, send email to android-developers+unsubscr...@googlegroups.com For more options, visit this group athttp://groups.google.com/group/android-developers?hl=en -- You received this message because you are subscribed to the Google Groups Android Developers group. To post to this group, send email to android-developers@googlegroups.com To unsubscribe from this group, send email to android-developers+unsubscr...@googlegroups.com For more options, visit this group athttp://groups.google.com/group/android-developers?hl=en -- You received this message because you are subscribed to the Google Groups Android Developers group. To post to this group, send email to android-developers@googlegroups.com To unsubscribe from this group, send email to android-developers+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/android-developers?hl=en
[android-developers] Re: I've found a way to stop piracy of my apps
Dave, Glad to hear it's paying for itself already! It's definitely a cleaver use for the market api - wish I'd thought of it myself. This should definitely slow down pirates - as it would require direct patching of the apk file as an intervention. Using the market api should also alleviate any issues regarding switching phones etc, as long as that users keeps the same account activated. On a side note - it would seam the weak part of your code might be the licensing system at this point would be whatever you've implemented for your SDK itself. Obviously you can't rely on the market for that piece :) Bravo - and best of luck. -Tim On May 5, 2:09 pm, dadical keyes...@gmail.com wrote: Hey Tim. You're correct that validating purchase with the market is a key piece of our solution. Figuring out how exactly to do that using Google's binary market protocol in an efficient way (try doing everything that AAL does in a 35 KB library) was a fairly significant dev effort. What's more, balancing license generation, market API security, cross- Android version compatibility, customization, etc., and you've got a nice little chunk of work that we put into this solution. As for pricing, we'll see what the market will support. In our own single app Screebl, we lose about $100/day in revenue to pirated apps, so $50 seems cheap. I know that not all of that $100 will translate into sales, but some percentage will. My point is it shouldn't take long for AAL to pay for itself. Dave On May 5, 1:23 pm, strazzere str...@gmail.com wrote: Looking at your documentation, I'm assuming your making a call to the market requesting the state of the application -- if I'm wrong, then just disregard this information. If I'm right, I guess my only question is why are you charging so much information for such a simplistic method? Don't get me wrong - that method would probably be the best one I've seen yet on the market, but that's still a nice chunk of money to charge for it. -Tim On May 4, 5:20 pm, dadical keyes...@gmail.com wrote: I've spent the last few weeks developing a new tool to stoppiracyof my paid apps on the Android Market. In a nutshell, licensing is tied directly to purchase verification. There is no license server to manage, no key for the user to enter. User experience is basically uninterrupted from normal application purchase. I'm excited about this, as my paid apps are now reachingpiracyrates as high as 90% on some days,with the average somewhere around 75%. For pirated apps, purchase verification (and subsequently licensing) will fail after a certain number of attempts, and pirates will be left with anything from a buy me nag, to a disabled app (behavior is configurable). Android Market is the only supported purchase validation target so far. Others will be forthcoming if demand warrants. This isn't a perfect solution (I have yet to find a perfect licensing solution), but I feel it is the best balance of security, features, and workflow that I've seen to date. You can find a write up, download, and purchasing information here:http://keyeslabs.com/joomla/index.php/projects/auto-app-licensing I'll be looking forward to the comments, suggestions, and death threats. -- You received this message because you are subscribed to the Google Groups Android Developers group. To post to this group, send email to android-developers@googlegroups.com To unsubscribe from this group, send email to android-developers+unsubscr...@googlegroups.com For more options, visit this group athttp://groups.google.com/group/android-developers?hl=en -- You received this message because you are subscribed to the Google Groups Android Developers group. To post to this group, send email to android-developers@googlegroups.com To unsubscribe from this group, send email to android-developers+unsubscr...@googlegroups.com For more options, visit this group athttp://groups.google.com/group/android-developers?hl=en -- You received this message because you are subscribed to the Google Groups Android Developers group. To post to this group, send email to android-developers@googlegroups.com To unsubscribe from this group, send email to android-developers+unsubscr...@googlegroups.com For more options, visit this group athttp://groups.google.com/group/android-developers?hl=en -- You received this message because you are subscribed to the Google Groups Android Developers group. To post to this group, send email to android-developers@googlegroups.com To unsubscribe from this group, send email to android-developers+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/android-developers?hl=en
[android-developers] Re: I've found a way to stop piracy of my apps
On May 5, 4:21 pm, dadical keyes...@gmail.com wrote: That's a cool use case, but I'm curious about how commonly people sell apps that way. Are you doing this because of the limitations of where Android offers paid apps? Is it because of the costs involved in doing transactions on Android Market? There are lots of apps sold in China that way. Most Android devices in China don't come with the Android Market and those that do, don't have access to paid apps. About 70% of my users are not able to buy apps through the Android Market. -- You received this message because you are subscribed to the Google Groups Android Developers group. To post to this group, send email to android-developers@googlegroups.com To unsubscribe from this group, send email to android-developers+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/android-developers?hl=en
[android-developers] Re: I've found a way to stop piracy of my apps
I'm not sure how many developers will like your licensing terms, especially the bit which prevents them from creating any form of licensing solution of their own if they download your app. It's also worth noting that you're statement preventing reverse-engineer doesn't hold water in many jurisdictions (e.g. Europe where Article 6 of the European Software Directive specifically allows it for certain reasons, have a look about half way down the article at http://www.aplf.org/mailer/issue113.html). Don't get me wrong, it's always good to see innovation in this field, but you might want to ease up on your license a little. Al. On May 5, 7:09 pm, dadical keyes...@gmail.com wrote: Hey Tim. You're correct that validating purchase with the market is a key piece of our solution. Figuring out how exactly to do that using Google's binary market protocol in an efficient way (try doing everything that AAL does in a 35 KB library) was a fairly significant dev effort. What's more, balancing license generation, market API security, cross- Android version compatibility, customization, etc., and you've got a nice little chunk of work that we put into this solution. As for pricing, we'll see what the market will support. In our own single app Screebl, we lose about $100/day in revenue to pirated apps, so $50 seems cheap. I know that not all of that $100 will translate into sales, but some percentage will. My point is it shouldn't take long for AAL to pay for itself. Dave On May 5, 1:23 pm, strazzere str...@gmail.com wrote: Looking at your documentation, I'm assuming your making a call to the market requesting the state of the application -- if I'm wrong, then just disregard this information. If I'm right, I guess my only question is why are you charging so much information for such a simplistic method? Don't get me wrong - that method would probably be the best one I've seen yet on the market, but that's still a nice chunk of money to charge for it. -Tim On May 4, 5:20 pm, dadical keyes...@gmail.com wrote: I've spent the last few weeks developing a new tool to stoppiracyof my paid apps on the Android Market. In a nutshell, licensing is tied directly to purchase verification. There is no license server to manage, no key for the user to enter. User experience is basically uninterrupted from normal application purchase. I'm excited about this, as my paid apps are now reachingpiracyrates as high as 90% on some days,with the average somewhere around 75%. For pirated apps, purchase verification (and subsequently licensing) will fail after a certain number of attempts, and pirates will be left with anything from a buy me nag, to a disabled app (behavior is configurable). Android Market is the only supported purchase validation target so far. Others will be forthcoming if demand warrants. This isn't a perfect solution (I have yet to find a perfect licensing solution), but I feel it is the best balance of security, features, and workflow that I've seen to date. You can find a write up, download, and purchasing information here:http://keyeslabs.com/joomla/index.php/projects/auto-app-licensing I'll be looking forward to the comments, suggestions, and death threats. -- You received this message because you are subscribed to the Google Groups Android Developers group. To post to this group, send email to android-developers@googlegroups.com To unsubscribe from this group, send email to android-developers+unsubscr...@googlegroups.com For more options, visit this group athttp://groups.google.com/group/android-developers?hl=en -- You received this message because you are subscribed to the Google Groups Android Developers group. To post to this group, send email to android-developers@googlegroups.com To unsubscribe from this group, send email to android-developers+unsubscr...@googlegroups.com For more options, visit this group athttp://groups.google.com/group/android-developers?hl=en -- You received this message because you are subscribed to the Google Groups Android Developers group. To post to this group, send email to android-developers@googlegroups.com To unsubscribe from this group, send email to android-developers+unsubscr...@googlegroups.com For more options, visit this group athttp://groups.google.com/group/android-developers?hl=en -- You received this message because you are subscribed to the Google Groups Android Developers group. To post to this group, send email to android-developers@googlegroups.com To unsubscribe from this group, send email to android-developers+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/android-developers?hl=en
[android-developers] Re: I've found a way to stop piracy of my apps
Thanks for the feedback Al. My intent wasn't to forbid anyone from creating their own licensing options after downloading AAL, just that they can't reverse engineer it, copy it, change the name, etc. I'll look into improving the wording... Dave On May 5, 2:32 pm, Al Sutton a...@funkyandroid.com wrote: I'm not sure how many developers will like your licensing terms, especially the bit which prevents them from creating any form of licensing solution of their own if they download your app. It's also worth noting that you're statement preventing reverse-engineer doesn't hold water in many jurisdictions (e.g. Europe where Article 6 of the European Software Directive specifically allows it for certain reasons, have a look about half way down the article athttp://www.aplf.org/mailer/issue113.html). Don't get me wrong, it's always good to see innovation in this field, but you might want to ease up on your license a little. Al. On May 5, 7:09 pm, dadical keyes...@gmail.com wrote: Hey Tim. You're correct that validating purchase with the market is a key piece of our solution. Figuring out how exactly to do that using Google's binary market protocol in an efficient way (try doing everything that AAL does in a 35 KB library) was a fairly significant dev effort. What's more, balancing license generation, market API security, cross- Android version compatibility, customization, etc., and you've got a nice little chunk of work that we put into this solution. As for pricing, we'll see what the market will support. In our own single app Screebl, we lose about $100/day in revenue to pirated apps, so $50 seems cheap. I know that not all of that $100 will translate into sales, but some percentage will. My point is it shouldn't take long for AAL to pay for itself. Dave On May 5, 1:23 pm, strazzere str...@gmail.com wrote: Looking at your documentation, I'm assuming your making a call to the market requesting the state of the application -- if I'm wrong, then just disregard this information. If I'm right, I guess my only question is why are you charging so much information for such a simplistic method? Don't get me wrong - that method would probably be the best one I've seen yet on the market, but that's still a nice chunk of money to charge for it. -Tim On May 4, 5:20 pm, dadical keyes...@gmail.com wrote: I've spent the last few weeks developing a new tool to stoppiracyof my paid apps on the Android Market. In a nutshell, licensing is tied directly to purchase verification. There is no license server to manage, no key for the user to enter. User experience is basically uninterrupted from normal application purchase. I'm excited about this, as my paid apps are now reachingpiracyrates as high as 90% on some days,with the average somewhere around 75%. For pirated apps, purchase verification (and subsequently licensing) will fail after a certain number of attempts, and pirates will be left with anything from a buy me nag, to a disabled app (behavior is configurable). Android Market is the only supported purchase validation target so far. Others will be forthcoming if demand warrants. This isn't a perfect solution (I have yet to find a perfect licensing solution), but I feel it is the best balance of security, features, and workflow that I've seen to date. You can find a write up, download, and purchasing information here:http://keyeslabs.com/joomla/index.php/projects/auto-app-licensing I'll be looking forward to the comments, suggestions, and death threats. -- You received this message because you are subscribed to the Google Groups Android Developers group. To post to this group, send email to android-developers@googlegroups.com To unsubscribe from this group, send email to android-developers+unsubscr...@googlegroups.com For more options, visit this group athttp://groups.google.com/group/android-developers?hl=en -- You received this message because you are subscribed to the Google Groups Android Developers group. To post to this group, send email to android-developers@googlegroups.com To unsubscribe from this group, send email to android-developers+unsubscr...@googlegroups.com For more options, visit this group athttp://groups.google.com/group/android-developers?hl=en -- You received this message because you are subscribed to the Google Groups Android Developers group. To post to this group, send email to android-developers@googlegroups.com To unsubscribe from this group, send email to android-developers+unsubscr...@googlegroups.com For more options, visit this group athttp://groups.google.com/group/android-developers?hl=en -- You received this message because you are subscribed to the Google Groups Android Developers group. To post to this group, send email to
Re: [android-developers] Re: I've found a way to stop piracy of my apps
Dear dadical, * *I salute your initiative and congratulate your efforts in the anti-piracy conflict. Digital Rights Management was never an easy adventure. Nowadays, everything can be broken by using different methods. Some fall easier, some do harder. However, I do not intend to highlight this in your licensing API. I have few thoughts for your licensing approach, as follows : 1. I as an end-user cannot welcome the disclosure of accounts/credentials, which by design are required for your module to work (android.permission.GET_ACCOUNTS, android.permission.USE_CREDENTIALS). Those in combination with android.permission.INTERNET makes me highly worried about first at all possible scam. A simple example would be : I write an application and claim I am using your 'licensing module' so the end-user is installing my app thanks to trusting you. Then I do whatever I want with that. - Based on the above, I as a Vendor can not embrace the permission enforcement for such disclosure of private data in my products - What if there is a shared account? This will work on all devices that have that user credentials? 2. You have reversely-engineered the Android Market Transfer Protocol and Markup Language for purchase verification. - Do you have the guarantee that Google will not change the protocol and your module will not fail? - You will most likely need to reversely engineer the protocol/language again and come with an updated version. How about the time frame you need to fix this and the clients unable to use the application? 3. Is your module legit? For how long? What guarantees can you grant? There could be more but for now this is all that came in my mind. On the other hand, have you heard of http://slideme.org/slidelockhttps://slideme.org/slidelock that can be used today for protecting applications for global distribution where there is no Android Market? George -- You received this message because you are subscribed to the Google Groups Android Developers group. To post to this group, send email to android-developers@googlegroups.com To unsubscribe from this group, send email to android-developers+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/android-developers?hl=en
[android-developers] Re: I've found a way to stop piracy of my apps
Hey George. I have looked at SlideMe and SlideLock. It's great but doesn't fit my use cases for my apps, nor, I would suspect many others looking for simple licensing solutions that mesh well with Android Market. Permissions are a pain, aren't they? It is what it is, and devs will have to evaluate that when considering AAL. For anyone who wants to use credentials for a backend system (which is becoming more and more common) this is the best possible approach. Until Google gives us a bit more control over the Android Account API, and finer-grained interface to the permissions capabilities of Android, there's not much that can be done to improve on this for this particular approach. Something to consider: - users NEVER give access to their user id or password, they just grant the app permission to act using their idenity with the market for validation of purchase As for the reverse engineering of the market API, of course Google can change it. However, they also depend on that API, and have many, many apps out on different versions of Android that depend on it. I would expect this to remain relatively stable. Devs that use AAL can configure their app's policy on what to do if validation fails, including anything from lock out to nag, so risk to end users can be controlled. Thanks for your feedback and contrasting points with SlideMe's technologies. Dave On May 5, 4:01 pm, George | SlideME george.slid...@gmail.com wrote: Dear dadical, * *I salute your initiative and congratulate your efforts in the anti-piracy conflict. Digital Rights Management was never an easy adventure. Nowadays, everything can be broken by using different methods. Some fall easier, some do harder. However, I do not intend to highlight this in your licensing API. I have few thoughts for your licensing approach, as follows : 1. I as an end-user cannot welcome the disclosure of accounts/credentials, which by design are required for your module to work (android.permission.GET_ACCOUNTS, android.permission.USE_CREDENTIALS). Those in combination with android.permission.INTERNET makes me highly worried about first at all possible scam. A simple example would be : I write an application and claim I am using your 'licensing module' so the end-user is installing my app thanks to trusting you. Then I do whatever I want with that. - Based on the above, I as a Vendor can not embrace the permission enforcement for such disclosure of private data in my products - What if there is a shared account? This will work on all devices that have that user credentials? 2. You have reversely-engineered the Android Market Transfer Protocol and Markup Language for purchase verification. - Do you have the guarantee that Google will not change the protocol and your module will not fail? - You will most likely need to reversely engineer the protocol/language again and come with an updated version. How about the time frame you need to fix this and the clients unable to use the application? 3. Is your module legit? For how long? What guarantees can you grant? There could be more but for now this is all that came in my mind. On the other hand, have you heard ofhttp://slideme.org/slidelockhttps://slideme.org/slidelock that can be used today for protecting applications for global distribution where there is no Android Market? George -- You received this message because you are subscribed to the Google Groups Android Developers group. To post to this group, send email to android-developers@googlegroups.com To unsubscribe from this group, send email to android-developers+unsubscr...@googlegroups.com For more options, visit this group athttp://groups.google.com/group/android-developers?hl=en -- You received this message because you are subscribed to the Google Groups Android Developers group. To post to this group, send email to android-developers@googlegroups.com To unsubscribe from this group, send email to android-developers+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/android-developers?hl=en
Re: [android-developers] Re: I've found a way to stop piracy of my apps
On Wed, May 5, 2010 at 1:35 PM, dadical keyes...@gmail.com wrote: Hey George. I have looked at SlideMe and SlideLock. It's great but doesn't fit my use cases for my apps, nor, I would suspect many others looking for simple licensing solutions that mesh well with Android Market. Permissions are a pain, aren't they? It is what it is, and devs will have to evaluate that when considering AAL. For anyone who wants to use credentials for a backend system (which is becoming more and more common) this is the best possible approach. Until Google gives us a bit more control over the Android Account API, and finer-grained interface to the permissions capabilities of Android, there's not much that can be done to improve on this for this particular approach. Something to consider: - users NEVER give access to their user id or password, they just grant the app permission to act using their idenity with the market for validation of purchase As for the reverse engineering of the market API, of course Google can change it. However, they also depend on that API, and have many, many apps out on different versions of Android that depend on it. I would expect this to remain relatively stable. Devs that use AAL can configure their app's policy on what to do if validation fails, including anything from lock out to nag, so risk to end users can be controlled. Thanks for your feedback and contrasting points with SlideMe's technologies. Did SlideME contrast anything with its own technologies? Looks as though they are just trying to cast some vague doubts on AAL and KeyesLabs, without understanding of what KeyesLabs is doing or the problem they are trying to solve. -- Shane Isbell (Founder of ZappMarket) http://twitter.com/sisbell http://twitter.com/zappstore http://zappmarket.com -- You received this message because you are subscribed to the Google Groups Android Developers group. To post to this group, send email to android-developers@googlegroups.com To unsubscribe from this group, send email to android-developers+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/android-developers?hl=en