Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Copy-protection traps

Tags:

android

Just about to release a free version of my app and I'm looking towards the free-mium model to give extra options to users. However, I'm definitely worried about it being pirated too quickly for me to make any anything.

Does anybody have some quality copy-protection techniques for Android? And I'm not talking about the pos LVL that is provided. I'm looking for some sneaky traps to detect if my code has been tampered with. Any ideas welcome; gotta make it hard enough on them that its just not worth it.

like image 942
b_yng Avatar asked Aug 25 '11 03:08

b_yng

3 Answers

It will only get pirated if it's popular, so you have a long way to go :). Generally, obfuscate your code, don't use the LVL as is since there are tools that disable it automatically. Not sure what your idea of a 'sneaky trap' is, but watch this for some ideas on how to protect your app.

Those are mentioned in the video, but:

  • use ProGuard to obfuscate your code
  • to detect if your code has been changed, you can check the CRC of classes.dex or check if the APK has been signed with your certificate (if someone changes your code, they'll have to resign it). However the antilvl tool effectively disables the APIs you would use to check for tampering. So you need to do it in native code if you want it to be effective.
  • don't do your checks on startup, but later on so they are harder to detect.
  • if possible, have a server side component to your license/tampering checking. Think about how your app should behave if there is no network connection. Cache server responses? For how long? Deny access right away? Allow access always?, etc.
like image 165
Nikolay Elenkov Avatar answered Nov 09 '22 04:11

Nikolay Elenkov

Protection can always be broken, all you can do is make it harder to break. Something you might do would be writing some essential part(s) of your code in C and call it via the NDK. Then you can do some testing in there, because decompiling the C part will be much harder than decompiling bytecode.

like image 7
Kheldar Avatar answered Nov 09 '22 02:11

Kheldar

You can use ProGuard in eclipse to obfuscate your code. It optimizes, and obfuscates your code by removing unused code and renaming classes, fields, and methods with semantically obscure names. The result is a smaller sized .apk file that is more difficult to reverse engineer. That way your code will be more tamper proof.

Reference : developer.android

like image 6
Ronnie Avatar answered Nov 09 '22 03:11

Ronnie
Sign in to Comment

Related questions

Android: Pass gesture event to another view
How to stop an activity in android using intent?
BroadcastReceiver onReceive triggered when registered
Android studio does not run [closed]
Why are Loaders bad in Android
Google Play "Native platforms" showing commons-io-2.4.jar
How to test Android UI using IdlingResource when using Retrofit network requests
Clarification regarding Android "Attribute elevation is only used in API level 21 and higher"
How to disable CollapsingToolbar's collapse when scroll has not content?
Create STANDALONE Android Studio (1.5) library project
How to use image as button in ionic
How to put AdView in ConstraintLayout at bottom and below other stuff?
How to give background color to Group in Constraintlayout
Google Auth migrating to androidx: SignInHubActivity does not implement Lifecycle
Unresolved reference: NavArgs after added some arguments to destination
Android ViewModel and startActivity
Can a Flutter app be proposed on the Huawei AppGallery?
How to use ColorDrawable with ImageView?
Loading Cache when Offline in Android Webview
Jersey / Rest default character encoding

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!