-2

When I send an APK file to someone's e-mail, he can copy the file million a times and sell it amillion times, but I do not want that.

How can I integrate protection in a Java file, manifest.xml, or somewhere else, such that copies of the program will not work? Or could I set a one-time password for the APK file?

Kyle Maxwell
  • 617
  • 6
  • 20
nns
  • 1
  • 1
  • 3
  • Accepted answer is http://stackoverflow.com/questions/7717580/how-to-proect-apk-file-being-shared-with-other-people – hakki Feb 06 '13 at 17:59

3 Answers3

2

You can't. There is no way to achieve this. Unwanted distribution is a risk you'll have to take when you email an apk to someone.

The best you can do is compile a separate apk each time you email it to someone, and put a unique code in it. When the app is first launched, have it register itself with an online server. If someone tried to register the same code again, then you know that the apk was sent to someone else or installed on multiple devices. In such a case, your server can tell your app that that particular code has already been used and have it refuse to work.

Downsides of this approach:

  1. You need to specially compile a new apk for every separate email
  2. Anyone can decompile the app and change the code to something else and recompile and use it. Or they could remove the entire checking mechanism if they wanted.

In short, there is no foolproof way to do this.

Raghav Sood
  • 81,899
  • 22
  • 187
  • 195
  • You can use ProGuard to make decompilation of your app more difficult – nicopico Feb 06 '13 at 17:52
  • @nicopico Decompiling it is still easy. Its just harder to read. And nowadays you have decompilers that can undo obfuscation to some extent. – Raghav Sood Feb 06 '13 at 17:52
  • 1
    You have to rent one and build an app that always runs and does the job. – WarrenFaith Feb 06 '13 at 17:59
  • Is there way, if he install app from apk file, apk file delete automaticly. – nns Feb 06 '13 at 18:00
  • @nns You don't need to build a server. Just rent or buy one, and run a simple webservice on it – Raghav Sood Feb 06 '13 at 18:00
  • @nns No, and that would be quite pointless. For a start, you don't know where the downloaded apk is stored. And even if you delete it, the user can just pull it from the system if its a rooted device. – Raghav Sood Feb 06 '13 at 18:00
  • Where I can rent it, and what is costs? – nns Feb 06 '13 at 18:01
  • @nns Google is your friend. There are thousands of companies which offer servers for rent. You'll have to see which one suits your needs best – Raghav Sood Feb 06 '13 at 18:02
0

You don't have any way to do that if you want your user to be able to install the application

A possible workaround would be to test the DeviceID, and allow the app to proceed only if the DeviceID has been authorized.

Obviously you would have to manage this in your code, and that could become quite cumbersome if you need to authorize numerous devices. Plus I am not sure every device has a DeviceID

see Is there a unique Android device ID? for more information about this

Community
  • 1
  • 1
nicopico
  • 3,606
  • 1
  • 28
  • 30
0

Create a Custom APK which is just few extra lines of code with one of the following option

How about Keeping a count of # of time App is launched and if it exceeds Show a message and close it?

Or you can check for # of days trial in your code, in your MainActivity/Base Activity check for let 5 days from now, if exceeds exit the app.

You can always save this details in your app's shared pref and cross check with that.

Mayank Mehta
  • 689
  • 1
  • 8
  • 12