8

I'm new to android development, I just released a paid pro unlocker for my free app.

I published it 2 days ago, within 12 hours of it going live I googled my app and theres at least 8 sites listing my free app, but patched so all the paid features that should be locked in the free one are unlocked. They essentially copied my entire store listing description, changed the wording around slightly and posted several mirrors to the patched apk.

Is there anyway to avoid this?

Being that these were so quickly posted, it leads me to believe it's being done automatically. What tool is used and where can I get it? What can I do coding wise to prevent the ability to patch it? Is there anywhere in google developer console where I can report pirate blogs/sites?

is this normal for paid apps? thanks!

rosghub
  • 8,924
  • 4
  • 24
  • 37
  • `Is there anyway to avoid this? ` **NO**. If a hacker is really motivated, you can't stop him/her. You can make his/her life harder, though, by using code obfuscation. – Phantômaxx May 04 '15 at 08:35
  • 1
    Right, but what tools are being used to produced these patched apks within ~6 hrs after publishing? If I can decompile with those tools I can possibly prevent it or at least make it harder. – rosghub May 04 '15 at 18:03
  • Medunno... Really, I'm no hacker at all. I guess they use tools like `apktool` and `dex2jar`. Or something more advanced. – Phantômaxx May 04 '15 at 18:08

1 Answers1

1

There are plenty of automatic tools to remove google play licensing from apps. As well as tricks to protect from patching software.

Here is for example a patcher http://luckypatcher.net/ and discussion on how to protect from it Way to protect from Lucky Patcher / play licensing

Consider those options to protect your app:

  1. Make licensing verification code uncommon. Read those guidelines from google engineer http://android-developers.blogspot.com/2010/09/securing-android-lvl-applications.html

  2. Move your paid features and licensing checks to native code and possibly protect it with Tamper Protection tools.

  3. Make the paid features an online content and verify license on the web.

Community
  • 1
  • 1
Andrey
  • 56
  • 4