11

On the iPhone there are several ways to detect when a user opens a pirated version of your app.

Is there a way on Android to detect when a user is using a pirated version of your app?

mxg

2 Answers

12

The License Verification Library (LVL) is similar to what you need.

The licensing service is a secure means of controlling access to your applications. When an application checks the licensing status, the Market server signs the licensing status response using a key pair that is uniquely associated with the publisher account. Your application stores the public key in its compiled .apk file and uses it to verify the licensing status response.

Any application that you publish through Android Market can use the Android Market Licensing service. No special account or registration is needed. Additionally, because the service uses no dedicated framework APIs, you can add licensing to any legacy application that uses a minimum API level of 3 or higher.

To help you add licensing to your application, the Android SDK provides library sources that you can include in your application project. The License Verification Library (LVL) handles all of the licensing-related communication with the Android Market client and the licensing service. With the LVL integrated, your application can determine its licensing status for the current user by simply calling a library checker method and implementing a callback that receives the status.

This document explains how the licensing service works and how to add it to your application.

And here is an example.

Referenced from here.

Pankaj Kumar
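The sign-and-verify scheme quoted in the answer above, as an added plain-Java example (not LVL code and not part of the original answer). The key pairs are generated on the spot as stand-ins for the publisher key, and the `status|nonce|package|user` response layout, the class and method names, and the choice of SHA256withRSA are assumptions made for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.security.spec.X509EncodedKeySpec;
import java.util.Base64;

public class LicenseResponseCheck {
    static final String ALG = "SHA256withRSA"; // assumption for this example

    // True only if `data` carries a valid signature from the key pair whose public half is embedded.
    static boolean signatureValid(String publicKeyB64, String data, String signatureB64) {
        try {
            PublicKey key = KeyFactory.getInstance("RSA").generatePublic(
                    new X509EncodedKeySpec(Base64.getDecoder().decode(publicKeyB64)));
            Signature sig = Signature.getInstance(ALG);
            sig.initVerify(key);
            sig.update(data.getBytes(StandardCharsets.UTF_8));
            return sig.verify(Base64.getDecoder().decode(signatureB64));
        } catch (GeneralSecurityException | IllegalArgumentException e) {
            return false; // malformed key or signature: fail closed
        }
    }

    // Signature first, then the fields: a validly signed but replayed or foreign response is still refused.
    static boolean licensed(String publicKeyB64, String data, String signatureB64, String nonce, String pkg) {
        if (!signatureValid(publicKeyB64, data, signatureB64)) return false;
        String[] f = data.split("\\|"); // hypothetical layout: status|nonce|package|user
        return f.length == 4 && f[0].equals("LICENSED") && f[1].equals(nonce) && f[2].equals(pkg);
    }

    // Server side of the exchange: only the holder of the private key can produce this value.
    static String sign(PrivateKey key, String data) throws GeneralSecurityException {
        Signature s = Signature.getInstance(ALG);
        s.initSign(key);
        s.update(data.getBytes(StandardCharsets.UTF_8));
        return Base64.getEncoder().encodeToString(s.sign());
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        KeyPair publisher = gen.generateKeyPair(); // constructed stand-in for the publisher key pair
        KeyPair other = gen.generateKeyPair();     // constructed key the app does not trust
        String embedded = Base64.getEncoder().encodeToString(publisher.getPublic().getEncoded());
        String app = "com.example.app", nonce = "48151623";    // constructed sample values
        String resp = "LICENSED|" + nonce + "|" + app + "|user-1"; // constructed sample response
        String good = sign(publisher.getPrivate(), resp);
        System.out.println("genuine:      " + licensed(embedded, resp, good, nonce, app));
        System.out.println("edited field: " + licensed(embedded, resp.replace("user-1", "user-2"), good, nonce, app));
        System.out.println("wrong signer: " + licensed(embedded, resp, sign(other.getPrivate(), resp), nonce, app));
        System.out.println("stale nonce:  " + licensed(embedded, resp, good, "99999999", app));
    }
}
```

The verification proves the response is authentic, but its result is still consumed by code that ships inside the APK.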
6

If by pirated you mean that the app is taken off a device that legitimately bought it and copied to another device and run, then yes, the License Verification Library will detect it and call your code to deal with it.

Unfortunately, most pirated apps available on the pirate sites and peer-to-peer network sites today have been decompiled, had the license check removed, and been recompiled and digitally signed with a different certificate, so the LVL is of no use. If that is the case, as it was with my paid app, there is no detection, and quite frankly nothing you can do about it. Google has provided us a platform that makes it very easy for others to steal your intellectual property. In fact, it is so easy, most of the theft is now automated. It is a bitter pill to swallow, and until Google does something about it, it will continue to happen. The Dalvik Dex code can be decompiled, edited, recompiled and digitally signed by someone else. It is not secure in any way, shape or form.

Matt Goodon
  • 1
    So you mean all my 1 year of hard work to design-build-test an app that my whole (sort of) startup idea depends on will be available to the public, not just that but its source codes, xml, assets? Because if dex is decompiled to jar, then jar can be decompiled to class files too. Correct me if I am wrong. I tested this decompilation on a debug app, using some [free tools/tutorials](http://stackoverflow.com/questions/1249973/decompiling-dex-into-java-sourcecode) available. I thought a signed APK could not be extracted due to SHA-1 encryption. – Talha Nov 30 '16 at 06:32
  • 3
    @Talha Yes, he is correct. An application signed with any certificate (debug/release) can be decompiled. To handle this, store the signature on a server and verify the application's signature on launch. This way you can block access. – Pankaj Kumar Nov 30 '16 at 06:52
  • You mean my own server? Yeah, that makes sense, but I don't see why on earth the biggest platform distributor can't set up a security protocol to keep the products (apps) safe. – Talha Nov 30 '16 at 07:02
  • 2
    @Talha Yes, agreed :) I think this is their game plan to make Android popular :D – Pankaj Kumar Nov 30 '16 at 07:21