通过检查getInstallerPackageName来检查安装付费android应用程序的合法性是否可行？ [英] Is it ok to check legality of installing paid android app by checking getInstallerPackageName?

问题描述

为了确保我的付费android应用程序是从商店合法安装的，我编写了这样的代码：

  String installer = getPackageManager（） .getInstallerPackageName（
com.example.myapp）; 
 
 if（installer == null）{
 // app是从未知来源非法下载的。 
 //亲爱的用户，请从市场
} 
重新安装它$ {b $ b // app可能是合法安装
 //（也很好检查实际的安装程序名称）
} 
  

可以吗？从市场上合法购买和安装的应用程序是否有机会获得空的安装程序包名称并且未通过此测试？

我知道用户可以运行 adb -i com.fake.installer myapp.apk 并通过此检查，但是如果合法用户可能会遇到潜在问题，则更为重要。

解决方案

您不应该使用 PackageManager＃getInstallerPackageName 来检查应用是否从Google Play或用于许可的原因如下：

1）安装程序包名可以在将来更改。例如，安装程序包名称使用com.google.android.feedback（请参阅这里），现在它是com.android.vending。

2）检查安装程序软件包的盗版原因等同于使用Base64来加密密码 - 这是一个糟糕的做法。

$ b 3） 合法购买应用程序的用户可以侧载APK或从另一个未设置正确安装程序软件包名称的备份应用程序恢复它，并获得许可证检查错误。这很可能会导致错误的评论。

4）正如您所提到的，盗版者可以在安装APK时简单设置安装程序包名。 / p>

---

您应该使用 App Licensing 或切换至应用内结算。

To ensure that my paid android application was legally installed from store, I write this:

String installer = getPackageManager().getInstallerPackageName(
        "com.example.myapp");

if (installer == null) {
    // app was illegally downloaded from unknown source. 
    // dear user, please re-install it from market
} 
else {
    // app was probably installed legally
    // (also it's good to check actual installer name)
}

Is it ok? Is there a chance that application that is legally purchased and installed from market will get empty installer package name and fail this test?

I understand that user can run adb -i com.fake.installer myapp.apk and pass this check, but it's more important if legal users will get potential problems or not.

解决方案

You should not use PackageManager#getInstallerPackageName to check if the app was installed from Google Play or for licensing purposes for the following reasons:

1) The installer packagename can change in the future. For example, the installer package name use to be "com.google.android.feedback" (see here) and now it is "com.android.vending".

2) Checking the installer packagename for piracy reasons is equivalent to using Base64 to encrypt passwords — it's simply bad practice.

3) Users who legally purchased the app can side-load the APK or restore it from another backup application which doesn't set the correct installer packagename and get a license check error. This will most likely lead to bad reviews.

4) Like you mentioned, pirates can simply set the installer packagename when installing the APK.

---

You should use App Licensing or switch to In-app Billing.

这篇关于通过检查getInstallerPackageName来检查安装付费android应用程序的合法性是否可行？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！