6

I build an android application but I want that when I give it for testing then user can not copy it and that apk should not be installed on other devices?how is it possible .can I protect that apk?

sumit acharya
  • 619
  • 1
  • 6
  • 18
  • seems like this would be a common problem with solutions? What did you find when you searched? – Mitch Wheat Dec 01 '12 at 05:51
  • have a look at this http://stackoverflow.com/questions/8143688/android-app-licensing-copy-protection – kumar_android Dec 01 '12 at 05:56
  • one of the issue, we are working on. – Sahil Mahajan Mj Dec 01 '12 at 06:25
  • @sahil- let me know when find a solution – sumit acharya Dec 01 '12 at 06:28
  • I thinks there is no 100% solution for this situation. Even if you add any checks in your code and obfuscate it, there are pretty easy methods of deobfuscation and anyone can change or use youe code. This is one of the biggest problems of android. – Evos Dec 01 '12 at 06:41
  • 1
    one of the solution we found was to keep track of the device id and give them just a 10 day trial(after it the app should be blocked). but the main issue was how to protect apk, because no matter how much protection you do(making the apk as the system app, that is mot much easy to copy), there are still lots of softwares available that can copy those apk's – Sahil Mahajan Mj Dec 01 '12 at 06:43

2 Answers2

3

Get the device ids of the devices you are going to test and just check to see if the current device is one of the devices you want.

SuNnY_sYeD
  • 513
  • 1
  • 6
  • 19
  • This would not help, anyone can decompile apk to code and switch device id on any other device id or simply comment this check to allow all devices to use this app. – Evos Dec 01 '12 at 07:00
  • @Evos uh, decompling an APK, especially if it uses progaurd, is very non-trivial. – Kurtis Nusbaum Dec 01 '12 at 07:27
  • how about dex2jar util?Also all Android object classes like Activity,Service,BroadcastReceiver etc. can't be obfuscated at all, moreover all Serializable classes are also can't be obfuscated. This is easier than it may seem. – Evos Dec 01 '12 at 07:32
  • How about a server call to see if device is registered else close the app? but i guess you would still run into the same problem as @Evos suggested... – SuNnY_sYeD Dec 01 '12 at 08:10
  • @user1864948 :its a good option to make a server call to check the registered device. but still the apk could be decompiled. – Sahil Mahajan Mj Dec 01 '12 at 08:32
0

There are online services that provide you ability to upload application and use it via browser, for example appsuffer.com. Also HP provide ability to upload application to the real devices in they network and test your apps online on remote devices. I thinks this is one of solutions if you don't want to share you code with testers.

Evos
  • 3,915
  • 2
  • 18
  • 21