Apps Protect My App From illegal share (make it can't be run if it's not installed from google play

[Hyder61112]

Good evening everyone.
I've made a game called "LAUC" For Android.

How do I make the game can't be run if it's installed from out of google play ?.
Just like spiderman 2 "the app is not installed from google play. Please reinstall it"

I want to sell my game for 3.9$
But I don't want it to be shared for free.

Because That's not fair.

 

[Deleted User]

It's a security setting on the device. User should allow installation of apps from unknown sources

https://developer.android.com/distribute/tools/open-distribution.html#unknown-sources

 

[scary alien]

Hey @Hyder61112, welcome to AF .

I'm not sure you can make the app protect itself since there's (currently) no way that I know of that an app can tell how it was installed.

I.e., I don't know how the Spiderman app does this--would be curious to know, though...

I believe that Android Nougat is going to tell you how an app was installed, but I'm not sure if there's an API for you to call to check that inside your app (you would think there would be (or already is/might be...)).

Perhaps @LV426 has a better insight on protecting yourself...

Cheers!

 

[Deleted User]

I slightly misread the question. OP wants protection from copying and/or reverse engineering.
The sad fact is that it's virtually impossible to prevent someone from hacking your APK. You can use code obfuscation tools to make life more difficult for hackers. But it's still possible to reverse engineer the code, and there are some clever people out there.
This answer explains things well -

http://stackoverflow.com/questions/9865162/how-to-secure-my-app-against-piracy

 

[scary alien]

Just a quick follow-up, here's the link where I heard about the "installed from source/location":

http://phandroid.com/2016/07/19/android-nougat-app-install-info/​

I'm betting there will/might/hopefully be an API available for that, too, when "N" is released.

 

[eshieldsvx4]

Good evening everyone.
I've made a game called "LAUC" For Android.

How do I make the game can't be run if it's installed from out of google play ?.
Just like spiderman 2 "the app is not installed from google play. Please reinstall it"

I want to sell my game for 3.9$
But I don't want it to be shared for free.

Because That's not fair.

There's a better way. Add a line in the manifest.xml that includes a prerequisite that only Google Play can allow.

Or, allow the game to be downloaded, but insert the IAP in the app itself so that even if it's sideloaded, you'll need to pay for it anyway.

 

[scary alien]

There's a better way. Add a line in the manifest.xml that includes a prerequisite that only Google Play can allow.

What line would that be?

I'd be very interested to know that, thanks!

 

[mikedt]

Yes Spider-Man 2, that's not installed from Google Play.

There's some clever people in China. Basically it's pretty much impossible to protect your app from piracy, and unauthorized distribution.

 

[Deleted User]

What line would that be?

I'd be very interested to know that, thanks!

If there is such a line in the manifest, I would expect the hacker could remove it and reconstruct the APK.

 

[mikedt]

You can protect your app or game if it uses an online server component, e.g. try playing Pokémon Go in China, you can, but it requires quite a lot of hackery on the user's part and a rooted phone.

 

[Jhayzone]

If that is possible wouldn't you expect popular companies that releases paid games like kemco and square enix to have done this already? Its sad since company like Kemco regularly releases quality RPGs but the sideloading became so bad that they were forced to release their newer games fully free, FULLY FREE! with the option to pay for a "premium" version if you appreciates their work. I just bought again a game from them ealier because they are really that good.

 

[eshieldsvx4]

What line would that be?

I'd be very interested to know that, thanks!

I only dabble with my SDK so I can't tell you exactly. I know of it because some apps I install from 3rd party stores don't work because of it.

It's associated with the permission "Google Play License Check".

 

[scary alien]

I only dabble with my SDK so I can't tell you exactly. I know of it because some apps I install from 3rd party stores don't work because of it.

It's associated with the permission "Google Play License Check".

Sounds like you are speaking about this https://developer.android.com/google/play/licensing/adding-licensing.html:

Adding the Licensing Permission

To use the Google Play application for sending a license check to the server, your application must request the proper permission, com.android.vending.CHECK_LICENSE. If your application does not declare the licensing permission but attempts to initiate a license check, the LVL throws a security exception.

To request the licensing permission in your application, declare a <uses-permission> element as a child of<manifest>, as follows:

<uses-permission android:name="com.android.vending.CHECK_LICENSE" />​

For example, here's how the LVL sample application declares the permission:

<?xml version="1.0" encoding="utf-8"?>

<manifest xmlns:android="http://schemas.android.com/apk/res/android" ...">
<!-- Devices >= 3 have version of Google Play that supports licensing. -->
<uses-sdk android:minSdkVersion="3" />
<!-- Required permission to check licensing. -->
<uses-permission android:name="com.android.vending.CHECK_LICENSE" />
...
</manifest>

Note: Currently, you cannot declare the CHECK_LICENSE permission in the LVL library project's manifest, because the SDK Tools will not merge it into the manifests of dependent applications. Instead, you must declare the permission in each dependent application's manifest.
​

Then there is further information later on in that page for Checking the License from an Activity and Overview of license check and response.

Adding the policy and license checks would indeed seem that it might help protect an app as it would make it much more difficult for those that would decompile and hack/tweak the .apk, especially if obfuscation code were added--difficult, but not impossible.

Also, see this overview page:

https://developer.android.com/google/play/licensing/overview.html
​

which points-out:

Requirements and Limitations

Google Play Licensing is designed to let you apply license controls to applications that you publish through Google Play. The service is not designed to let you control access to applications that are not published through Google Play or that are run on devices that do not offer the Google Play client.​

 

[Deleted User]

I'm actually surprised that Google haven't put robust measures in place to stop app piracy. But then, reverse engineering has always been an inherent weakness in Java, as the bytecode can easily be decompiled.
However Google have some very clever people working for them, so I would have expected a bit more support for anti-piracy measures, or at least some anticipation that such problems would occur.

 

[mikedt]

I'm actually surprised that Google haven't put robust measures in place to stop app piracy.

Apple thought they did, and iOS app piracy still happens.

And as for Windows Phone app piracy...why bother?

 

[eshieldsvx4]

Sounds like you are speaking about this https://developer.android.com/google/play/licensing/adding-licensing.html:

Adding the Licensing Permission

To use the Google Play application for sending a license check to the server, your application must request the proper permission, com.android.vending.CHECK_LICENSE. If your application does not declare the licensing permission but attempts to initiate a license check, the LVL throws a security exception.

To request the licensing permission in your application, declare a <uses-permission> element as a child of<manifest>, as follows:

<uses-permission android:name="com.android.vending.CHECK_LICENSE" />​

For example, here's how the LVL sample application declares the permission:



Note: Currently, you cannot declare the CHECK_LICENSE permission in the LVL library project's manifest, because the SDK Tools will not merge it into the manifests of dependent applications. Instead, you must declare the permission in each dependent application's manifest.
​

Then there is further information later on in that page for Checking the License from an Activity and Overview of license check and response.

Adding the policy and license checks would indeed seem that it might help protect an app as it would make it much more difficult for those that would decompile and hack/tweak the .apk, especially if obfuscation code were added--difficult, but not impossible.

Also, see this overview page:

https://developer.android.com/google/play/licensing/overview.html
​

which points-out:

Requirements and Limitations

Google Play Licensing is designed to let you apply license controls to applications that you publish through Google Play. The service is not designed to let you control access to applications that are not published through Google Play or that are run on devices that do not offer the Google Play client.​

You pulled up the whole schpiel. Thanks that just about sums up my intent

 

[eshieldsvx4]

I'm actually surprised that Google haven't put robust measures in place to stop app piracy. But then, reverse engineering has always been an inherent weakness in Java, as the bytecode can easily be decompiled.
However Google have some very clever people working for them, so I would have expected a bit more support for anti-piracy measures, or at least some anticipation that such problems would occur.

Developers for Android have more room to be creative than iOS.

I enjoy and benefit from root access, but prop normalizers are dangerous. And I think they should be used only for debugging purposes, not to get around limitations.

 

[Hyder61112]

Thanks for all who suggested me to do something.
I'll try the IN-GAME Purchase system.
It's the best.

Thanks for all.