0

I have developed this app and issue it to users via USB. But I want to prevent them from extracting the APK and installing it on other phones.

Currently, I have an APK signing signature check that runs when the app launches and prevents it from running if the signature doesn't match mine. But it doesn't stop those APK extractor apps, this one for example: https://play.google.com/store/apps/details?id=com.ext.ui&hl=en

I checked the extracted APK and it has the same signature as my original! Are there any other ways to stop it?

My app is a standalone app, so it doesn't have a server to talk to... Thanks!

FiniteElement
  • Give us more details on how you install the app. Do you use adb install or the Android installer or ...? After the APK has been extracted you have two identical APKs, which means that you need to make the first installation special. I think it is hard to accomplish what you want without a server side. Maybe you can implement a Firebase backend to save the IMEI of activated devices... Firebase is really easy to implement... – MilanNz May 14 '18 at 18:59

2 Answers

1

Disclaimer! There's no way you can protect your app 100% but you can try the following ways:

Google Play Licensing and the License Verification Library (LVL)

This service allows your app to query a Google Play Licensing server to determine if the currently running device is recorded as a purchaser.

More info

OBFUSCATION

Eliminate all chances of reverse engineering, which is a way of generating an APK from your app.

More info

COPY PROTECTION

Although superseded by licensing on some platforms (most notably Android), copy protection is a simple way of fending off more perfunctory attempts at piracy.

Digital rights management (DRM) can be built into the app itself, be part of the app store to which it is uploaded (such as Amazon DRM), or purchased as part of a third-party paid DRM service.

blast king
  • Google Play Licensing does not work for side-loaded apps that are not available in Google PlayStore. – Robert May 14 '18 at 19:03
  • You are not uploading to the Play Store? – blast king May 14 '18 at 19:16
  • Unfortunately not, the app is sideloaded. – FiniteElement May 14 '18 at 19:39
  • How does DRM work when built into the app itself without a backend? Is there any project/service that I could look into? Thanks – FiniteElement May 14 '18 at 19:46
  • All you need to know about DRM: https://source.android.com/devices/drm and here: https://www.ghacks.net/2016/12/03/check-your-android-devices-drm-capabilities/ and a working sample is here: https://github.com/Axinom/drm-quick-start-android Bonus: https://stackoverflow.com/questions/7915763/samples-tutorial-for-drm-framework-in-android – blast king May 14 '18 at 20:05
  • If this was helpful... Don't forget to upvote and accept it as the answer, so users in the future can benefit. Thanks – blast king May 14 '18 at 20:12
  • Cool. I'll give it a shot. Thanks! – FiniteElement May 14 '18 at 21:17
0

In general you cannot prevent your app from being extracted from a device. Furthermore, any of your users could simply upload the retrieved APK file somewhere on the net.

Therefore you can only protect your app from being used by "the wrong people". I see two possible solutions for doing so:

Dongle the version to a specific device

You know the principle from many shareware programs: after installation, the app requires the user to enter a license code that activates it. The license code is generated by you after receiving some sort of device fingerprint, and the app checks if the license is valid for this specific device.

Embed a water-mark that allows you to identify who has leaked the APK

This would require creating unique APK files for each of your legitimate users.

Robert
  • Hmm, a license code might be a good idea. I was initially thinking of using the IMEI number of the phones, but then I would need to keep a list of them. Using a license code is much easier. – FiniteElement May 14 '18 at 19:41
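
The device-bound license code described in the last answer, as an added example that is not code from the thread or from any of its posters. It assumes the license code is an ECDSA signature over the device fingerprint, so the APK only has to carry the public key; the class name, method names and fingerprint strings are hypothetical, and the key pair is generated inline only so the example runs on its own.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.util.Base64;

// Added example: offline, device-bound license codes (all names are hypothetical).
public class DeviceLicense {

    // Vendor side: sign the fingerprint the user reported.
    // The private key stays with the vendor and is never shipped in the APK.
    static String issue(PrivateKey vendorKey, String fingerprint) throws GeneralSecurityException {
        Signature s = Signature.getInstance("SHA256withECDSA");
        s.initSign(vendorKey);
        s.update(fingerprint.getBytes(StandardCharsets.UTF_8));
        return Base64.getUrlEncoder().withoutPadding().encodeToString(s.sign());
    }

    // App side: only the public key is embedded, so the check needs no server
    // and an extracted APK contains nothing that can mint new codes.
    static boolean isValid(PublicKey vendorPub, String localFingerprint, String licenseCode) {
        try {
            Signature s = Signature.getInstance("SHA256withECDSA");
            s.initVerify(vendorPub);
            s.update(localFingerprint.getBytes(StandardCharsets.UTF_8));
            return s.verify(Base64.getUrlDecoder().decode(licenseCode));
        } catch (GeneralSecurityException | IllegalArgumentException e) {
            return false; // malformed or truncated code: treat as unlicensed
        }
    }

    public static void main(String[] args) throws Exception {
        // Constructed key pair; in practice it is generated once and kept offline.
        KeyPairGenerator g = KeyPairGenerator.getInstance("EC");
        g.initialize(256);
        KeyPair vendor = g.generateKeyPair();

        // Constructed fingerprints standing in for whatever identifier the app reads.
        String deviceA = "constructed-fingerprint-device-A";
        String deviceB = "constructed-fingerprint-device-B";

        String code = issue(vendor.getPrivate(), deviceA);
        System.out.println("licensed device: " + isValid(vendor.getPublic(), deviceA, code));
        System.out.println("copied to other: " + isValid(vendor.getPublic(), deviceB, code));
        System.out.println("malformed code:  " + isValid(vendor.getPublic(), deviceA, "not-a-code"));
    }
}
```

A symmetric scheme (for example an HMAC key inside the app) would let anyone who extracts the APK generate valid codes, which is why the sketch signs with a key the app never holds. The check only binds a code to a fingerprint; it still depends on the app's own integrity check to resist a repackaged APK that skips it.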