Check if Android app connecting to server is the one you made [closed]

Question

Is it possible to check if my app, made with libGdx, is the one I made, when it connects to my server? I need to know this because I want to be able to check if people changed/cracked my app.

Or is it not possible for people to change my app, once it is on appstore / Google Play Store?

Answer 1

To check whether your app is the same or not is easy when you got both .apk files. Then you can calculate a hashcode over the binary data of the file. How to do that: How to calculate MD5 of a file.

If you do not have the apk files to compare, because some individual cracked your app, it's basically already too late and the only thing you can do is to add some serverside validation, but this still won't stop the hacker from generating any valid requests.

As a prevention for the future you could use ProGuard/DexGuard to obfuscate your application and make it harder (but not impossible) for a hacker to crack your app.

In total you can never be sure that your clients haven't been hacked. You need to apply server side validation and be paranoid all the time.

Answer 2

Why not look into Google Play Game Services Anti-piracy.

https://developers.google.com/games/services/android/antipiracy

This isn't the exact solution you're looking for, what you're looking for isn't really possible to pull off with 100% accuracy.

What this anti piracy will do: If they didn't buy your game from Google Play, then you can detect that and handle it however you want. Like have the app do nothing, or report to your server that this copy isn't legit.

In the end, you may need to try and use multiple different tactics.