-2

Long story: My clients want to let a third-party company test my App. Because I have never heard about this company before, I want to make my App not copyable/data-accessible, in case they try to copy my program or do strange stuff. In few words, I give them a smartphone with the App already installed and usable, but that's it, they can't do anything more than test it normally like a casual user. Or a way to ask them a password if they try to access to sensible data. Is there a way to do it?

Short story: I need to make my App not copyable and its data inaccessible from others.

I hope my explantion was exhaustive :) Thank you all!

Dango
  • 311
  • 1
  • 4
  • 7

3 Answers3

1

A determined hacker will defeat any sort of copy protection you put in place. But what you can do is put enough barriers in place to make their return on investment not worth the time and effort.

Without investing too heavy in security components or investing in a trusted security platform, here are some dirt simple things you can put do in a special one-off build of your app.

  1. Tie this particular build of your app to something specific to the phone you are sharing with them. If the phone's serial number doesn't match, it doesn't work. See this on getting a serial number of an Android device.

  2. If there are data files beyond the program's compiled code that you are trying to protect that is plaintext or not in a custom binary format, simply encrypt it. Decrypt at runtime. Perhaps the password/key is based on the serial number of the device or other nonce unique to the phone. That way, they can't copy data and program to another phone and have it work.

  3. Put a timebomb in place. That is, after a specific date, the app just doesn't work.

  4. On startup, your app accesses a website and downloads a URL. Based on the contents of the URL, the app shuts off.

All of these mechanisms can be defeated by someone that really wants to copy your app or get at your files. But it's sufficient to ward off the casual hacker and to buy time while your app is relevant.

Community
  • 1
  • 1
selbie
  • 100,020
  • 15
  • 103
  • 173
  • Thanks for the answer :) Is there a guide to make the points 3 and 4? – Dango Nov 13 '15 at 06:56
  • It's exactly what you would think it would be. For #3, call into the Java data/time library. If the current date is past the expiration time you've compiled in, the app doesn't run (or pops a message dialog). For #4, HttpUrlConnection in an AsyncTask is all you need. My only recommendation would be to do the data download over HTTPS. – selbie Nov 13 '15 at 07:04
  • Sorry but I am new to android, is there a fully explained guide? I looked at the first option too, so basically I can ask at the start of the app to look at the device ID and if it is different from the default, I can block the start-up of the app, correct? One last question: How can I block/force unistall the app at the start up in case the condition isn't met? Thank you very much :) – Dango Nov 13 '15 at 07:21
  • You could pretty much just force the app to crash crash if the condition for #1 or #3 above isn't met. Invoke a method on a null object to force a crash. If you are new to Android, then I would suggest you focus on growing your Android and Java skills - and focus on making a great app that your customers will love. Because otherwise, if you are new to Android, how is it that your app has enough value at this point to warrant an investment in copy protection? – selbie Nov 13 '15 at 07:32
  • My app is only a little piece of a bigger security system, that's why :) Anyway thanks for the exhaustive answer :) – Dango Nov 13 '15 at 07:57
0

Use licensing options provided by Play Store and Tools like Proguard can make it difficult

Sam
  • 41
  • 2
  • 10
0

You can try StarForce Android Protection that prevents hacking and copying. They offer a month for free. It can be enough for testing. Or just ask for prolongation of trial period if you need.

Andrey Starovoytov
  • 1