3

I've created an Android application, and also a paid key application that can unlock some features in the regular application. I tried to use this code to check if the paid key is installed:

```java
protected static boolean isProInstalled(Context context) {
    PackageManager manager = context.getPackageManager();
    if (manager.checkSignatures(context.getPackageName(), "com.myapps.appkey")
        == PackageManager.SIGNATURE_MATCH) {
        // Pro key installed, and signatures match
        return true;
    }
    return false;
}
```

It worked on my phone when I installed the two APKs that I exported from Eclipse (I think I exported them. Maybe it was directly with "run"/"debug". I can't remember). But when I uploaded them to Google Play, I got a message from a user who said that he bought the key but the features are still blocked. Is there something I'm doing wrong? What are those signatures anyway? Does it have anything to do with the alias and keystore when I export the APKs?

TamarG
  • Did you sign the two apps with different keys? Did you test on your phone with actual release builds of your apps, or were you running debug builds (signed with the `debug.keystore` by default)? – MH. Apr 13 '15 at 19:43
  • I used different keystore / alias / password. Should I use the same keystore? What's the default debug.keystore? I think that when I installed on my phone I exported the two APKs and moved them to the phone and installed. I tried so many times, maybe it was with the debug option.... – TamarG Apr 13 '15 at 19:55
  • 3
    The debug key is the default used when you run from the IDE, so while testing, they both were using the same key. But you signed them with different keys for the store, so the signatures won't match. The only thing you can do at this point is unpublish one of your two apps and republish with a different package name and using the same key as the one you leave up. – Tenfour04 Apr 13 '15 at 20:27
  • 2
    In addition to what Tenfour04 said: you can also work around the problem, by using package manager to check if the paid version is installed, read its signature hash and compare it against the hard-coded hash value of your paid app's signature (you can retrieve the hash value by temporarily adding some debug output to your paid version that prints the hash code; build and sign that app using the correct key, then run it to retrieve the value). See http://stackoverflow.com/questions/5578871/how-to-get-app-signature – tiguchi Apr 13 '15 at 20:31
  • @Tenfour04 - Thanks! It worked! Can you publish it as an answer? – TamarG Apr 14 '15 at 04:21
  • So ignore my last sentence above because @NobuGames has a great workaround. – Tenfour04 Apr 14 '15 at 04:24
  • It's a new application so I didn't care to re-publish it and I didn't want to use hard-core strings, but both solutions are great. – TamarG Apr 14 '15 at 04:26

1 Answer

2

The debug key is the default used when you run from the IDE, so while testing, they both were using the same key. But you signed them with different keys for the store, so the signatures won't match.

As @NobuGames mentioned in the comments, at this point since you already published both apps, you can update the free one to check for the key hash of the paid app using a hard-coded string. This theoretically might make it easier for someone to make a premium-unlocked pirate version of your app, although if they are digging into your source code that far, I suspect they would have succeeded anyway. Think of that as a good problem to have (popular enough app for pirates to spend that much time hacking on yours).

Tenfour04
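The workaround described in the comments and the answer, sketched as an added example (not code from the question or from either commenter): the free app reads the key app's signing certificate, hashes it with SHA-256 and compares it to a pinned value. The class name `ProKeyCheck`, the helper `hexToBytes` and the choice of SHA-256 are assumptions, and `EXPECTED_CERT_SHA256` is a placeholder for the hash of your own release certificate.

```java
import android.content.Context;
import android.content.pm.PackageInfo;
import android.content.pm.PackageManager;
import android.content.pm.Signature;

import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;

public final class ProKeyCheck {
    // Package name of the paid key app, as used in the question.
    private static final String KEY_PACKAGE = "com.myapps.appkey";
    // PLACEHOLDER: hex SHA-256 of the key app's *release* signing certificate.
    // Until it is replaced with real hex, the check fails closed (returns false).
    private static final String EXPECTED_CERT_SHA256 = "REPLACE_WITH_RELEASE_CERT_SHA256_HEX";

    private ProKeyCheck() {}

    public static boolean isProInstalled(Context context) {
        try {
            // GET_SIGNATURES is deprecated from API 28, where
            // GET_SIGNING_CERTIFICATES / PackageInfo.signingInfo replace it.
            PackageInfo info = context.getPackageManager()
                    .getPackageInfo(KEY_PACKAGE, PackageManager.GET_SIGNATURES);
            Signature[] sigs = info.signatures;
            // Require exactly one signer so an extra certificate cannot slip through.
            if (sigs == null || sigs.length != 1) return false;
            byte[] digest = MessageDigest.getInstance("SHA-256")
                    .digest(sigs[0].toByteArray());
            // MessageDigest.isEqual compares the two digests in constant time.
            return MessageDigest.isEqual(digest, hexToBytes(EXPECTED_CERT_SHA256));
        } catch (PackageManager.NameNotFoundException e) {
            return false; // key app is not installed
        } catch (NoSuchAlgorithmException | IllegalArgumentException e) {
            return false; // no SHA-256 provider or malformed pinned hash
        }
    }

    // Hypothetical helper: decodes a hex string, rejecting malformed input.
    static byte[] hexToBytes(String hex) {
        if (hex.length() % 2 != 0) throw new IllegalArgumentException("odd-length hex");
        byte[] out = new byte[hex.length() / 2];
        for (int i = 0; i < out.length; i++) {
            int hi = Character.digit(hex.charAt(2 * i), 16);
            int lo = Character.digit(hex.charAt(2 * i + 1), 16);
            if (hi < 0 || lo < 0) throw new IllegalArgumentException("non-hex character");
            out[i] = (byte) ((hi << 4) | lo);
        }
        return out;
    }
}
```

Test this against release-signed builds of both apps: debug builds are signed with `debug.keystore`, so their certificate hash differs from the one pinned for the store version.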