Apps Can you keep your paid app from updating illegally installed apk?

[tdieckman]

There was a post about whether someone who gets your paid app's apk file for free will be able to continue to get updates without having to pay from the Market. The thread was closed by a moderator: http://androidforums.com/android-applications/65038-can-you-update-free-paid-app.html

While I can kind of understand why the moderator closed the thread, as a developer about to release a paid application, I was interested in reading what was being posted about this being true or not.

So I know that my apk file is protected, but for rooted users, they can get to it, so it's inevitable that my app could end up sent around for free too. Is there some way we developers are protected in the Market against free updates? If the Market doesn't do this, does anyone know of or have any ideas about how developers could protect their updates?

 

[hood420]

There is no way that I'm aware of that you can get market updates on any app not installed through the market. I suppose it could be possible though, when you restore your apps through Titanium backup it also restores them under your market downloads.

 

[KlaymenDK]

I do agree that your particular question is very interesting, but even though I don't know the answer I can share some information which will hopefully be helpful to you.

For one thing, bluenova and Szadzik both seem very confident, and yet they disagree. What does that mean? You should probably PM them and pick their brains about it. I'm not objecting to the other thread getting closed, but not talking about a problem is a poor solution to it, so I feel that taking this offline would be a loss for the rest of us.

There are two perspectives at work here: how you obtain the app in the first place (or update it, which is technically the same thing), and how it will work once you have it.

The Android security model is focused on controlling what an app can do on your phone.
The Android security model simply does not attempt to manage what you can do with your apps. To put it bluntly: there is no DRM. Frankly speaking, this is one of the reasons I chose Android -- I'm certainly no pirate, but I do like to know that I'm in control of my own stuff.

So, assuming (for the sake of argument) that an app can indeed be moved to another phone: how it'll work there is not an Android issue but sadly more a matter of application-specific implementation. This is a pain for developers, and many have already blogged about it. So how do you protect yourself against it?

Well, one option is a call-home verification system, but that obviously has a bad reputation and lots of broken use cases.

On PalmOS, it was a common sight to see apps generate some code based on the Hotsync user name (which, for Android, is very analogous to a GMail account), and have the user communicate (say, via email, or a web portal) with the vendor to obtain an unlocking code -- a given code would work on any device with the appropriate user name, so piracy would only be effective if you shared the same user name around as well. With Android, since the user name is a Google account, sharing seems very impractical. At the same time, it treats users fairly when they eventually migrate to another (newer) phone.

The only drawback with the code-response method is that you need to maintain a challenge-response system with your customers (note that the drawback is having to maintain the system, not being in communication with your customers!).

Ok, this post is too long already; I'd better shut up now. Sorry!

 

[bluenova]

Hi there,

Thought I better chime in as my name was mentioned .

To start I just want to enforce that I in no way support the activity of illegally acquiring paid apps. I purposefully kept my personal views out of the previous thread because I only wanted to correct the 2nd post in the thread that stated it can't be done, when in my experience it can.

I like to know as much as I can about technology I'm using and a lot of that process includes messing around with system files/directories. I noticed that free apps I install using apk installer gave links to updates in the market, for instance with Last.FM I originally installed via an apk as it was not in my local market place. Since using Market Enabler I noticed I was receiving updates for it even though it wasn't installed through the Market. I wanted to know if the same is true for paid apps (for my own knowledge) so I manually installed Farm Frenzy which I had purchased on another device which has a different Google account linked to it and discovered in the Market place it showed as installed and also received updates.

Now I don't know why Szadzik disagrees with me, I'm not doubting what he/she is saying I just don't know why it worked for me and not for him/her. One possibility which springs to mind is maybe Farm Frenzy is not a protected app and perhaps Szadzik was using a protected app? At any rate it's something Google will need to look at fixing at some point.

 

[3098]

Closed threads, open source. What a forum!

Ok, on topic. I remember, as most of us do, an old issue on the Android system was that Paid Apps used to ask for payment/ Credit card validation for each of their upgrades. While we were never charged for the update, there definitely was the market asking for our bucks.

So, I tried something here. When I get an apk file of the latest version of an app and install it, the update doesn't ask me for money. On the other hand, if I install a very old version of the same app, it asks me for money when I try and update it. I haven't been able to find out how old the apk file needs to be for this to happen, but it happens!

 

[Aselby]

As a developer I know that I have cancelled peoples orders (to refund them for whatever reason) then months later I recieve an email from those people saying that it won't let me update ... it says I have purchase the app

The only thing I can do is ask them to purchase it again then refund them again