如何prevent应用偷窃(具体到Android应用程序)? [英] How to prevent application thievery (specific to Android applications)?
问题描述
我想知道什么preventing人偷我的应用程序(下载apk文件的副本,在网上,而不是购买它)最有效的方法。
我在一个特别(Droidbox)度过了一个很多的时间并不会释放同步,直到我可以保证,谁是提供的专业版非法拷贝的人AREN牛逼能。
任何人都实现这一点?我试过检查我的包签名经文的无符号副本签名,但它似乎是相同的 - 也许我做得不正确的位置。我不确定人们是否真正分发签署.apk文件在这种情况下,我不认为签名验证将努力开始...
请注意,这个问题是特定于Android市场的应用程序 - 区别在于,应用交付超出了我的手,我没有办法合法购买和非法下载的链接的<。 / P>
现在有新的谷歌应用程序许可使用。对于在 Android开发者博客阅读它更深层次的信息。
一个简短摘要:谷歌提供了一个库,使一个进程间调用手机上的市场客户。那么市场的客户会要求谷歌的服务器,如果登录的用户已经购买了应用程序,这个答案转发给你们。应该有你的开发配置文件的公钥,你需要加密连接到谷歌服务器的答案prevent欺骗。您还提供了一个应用程序和设备的独特ID与查询,使其不可能批准的查询转发到另一台设备,并建立一些像有人购买副本转发准予答案其它设备的授权代理。
目前,这项服务看起来很安全的保护,甚至在市场上更有价值的应用程序。我会试试看,也许回来,并留下一些信息后,我用它一点点。
如果您的应用程序是很受欢迎像EA的游戏或某事该wan't阻止用户破解它。破解应用程序总要有人买,然后解压缩APK,和编辑您的应用程序的字节code至认为市场发出一个正确的答案。新的字节code能装入另一个APK,可以每一个电话,让侧面装载上安装。 为了使这个困难,你总是可以尝试混淆你的apk文件,让你的字节code费解。
I was wondering what the most effective way of preventing people from stealing my application (downloading a copy of the .apk online rather than buying it).
I've spent a lot of time on one in particular (Droidbox) and won't be releasing Sync until I can guarantee that the people who are providing illegal copies of the pro version aren't able to.
Anyone implemented this? I've tried checking my package signature verses an the signature of an unsigned copy but it appears to be the same - perhaps I'm doing something incorrectly here. I'm unsure whether people actually distribute the signed .apk in which case I don't think signature validation would work to begin with...
Please note, this question is specific to Android Marketplace Applications - the difference being, application delivery is out of my hands and I have no way of linking between a legitimate purchase and an illegal download.
Now there is the new Google App Licensing available. For deeper information read about it in the android developer blog.
A short summary: Google provides a library that makes a inter process call to the market client on the phone. The market client will then ask the google servers if the signed in user has purchased the app and forward this answer to you. There should be a public key in you developer profile that you need to encrypt the connection to the google server to prevent spoofing of answers. You also provide a application and device unique id with the query to make it impossible to forward approved queries to another device and build something like an licensing proxy with one bought copy forwarding the IS LICENSED answers to other devices.
At the moment this service looks secure enough to protect even the more valuable apps in the market. I will give it a try and maybe come back and leave some more informations after I used it a little bit.
If your app is really popular like an EA game or something this wan't stop users from hacking it. To hack the app somebody has to buy it, then unzip the apk, and edit the bytecode of your app to think that the market send a correct answer. The new byte code can be packed into another apk and can be installed on every phone that allows side loading. To make this harder you can always try to obfuscate your apk and make your bytecode hard to understand.
这篇关于如何prevent应用偷窃(具体到Android应用程序)?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
