Menu
I'm working on an application that requires a server to do most of the heavy lifting. I want to prevent pirated clients from sending requests to that server. Is there a way to send some identifier with the requests so that my server can ask the Android Market if someone with that id actually bought the app? How would I go about doing that?
Note that just protecting the app with LVL won't work, because people could fairly easily write an application to interface with the server and still provide the same functionality as the paid app.
958
First: There is no 100% security for anything you run on a device that is not under your control (like Android devices in your case).
You could make "abuse" harder by several measures:
IF you really really want to make it very hard you can issue a device-specific client-certificate (when the client buys your app) and use cert-based client authentication (defined in SSL standard) - you can invalidate the cert associated with the device if you see abuse without harm for the legitimate users of other devices...
62
Taken from my solution from this post Android Game Keeps Getting Hacked
Implement your own licensing library
I'd also refer you to check out this from Google I/O 2011 YouTube recording:
Evading Pirates and Stopping Vampires
EDIT:
The Presentation Notes from Evading Pirates and Stopping Vampires
Some basic keypoints
The presentation notes contain basic examples and direction for modification. In the youtube video though, there is discussion of server side authentication and how it relates to piracy and asset downloads etc. Specifically using a License Server, In App Billing and App Engine. But a good basis to learn from no matter how you choose to approach a solution.
42
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
