7

Recently I released an app into Android Market using the licensing system with the ServerManagedPolicy model.

Some days ago someone cracked the apk making it always response "Using cached license response" and allow access.

How can I avoid that in future apps? Thanks!

Addev
  • 31,819
  • 51
  • 183
  • 302

2 Answers2

12

I agree with @Tom van der Woerdt Implement your own licensing library

I'd also refer you to check out this from Google I/O 2011:

Evading Pirates and Stopping Vampires

http://www.youtube.com/watch?v=TnSNCXR9fbY

EDIT:

The Presentation Notes from Evading Pirates and Stopping Vampires

Some basic keypoints

TryTryAgain
  • 7,632
  • 11
  • 46
  • 82
  • The links above seem to not always go to the page linked...it seems to only work sometimes and somewhat OS and browser dependent. So, take note of the ending `#%3ar.page.15` in the URLs. If you aren't automatically redirected to that page, be sure to look at the link to see where/what page you should be looking at. – TryTryAgain Apr 05 '12 at 13:48
  • 1
    Techniques offered in `Evading Pirates and Stopping Vampires` have been circumvented by Lucky Patcher (LP) app somewhat, particularly the client side. I know 'cause I've downloaded a copy of LP and use it to crack my own app. The only thing not totally cracked yet is the Reflection recommendation and Server-side validation - but it's just a question of time before LP will crack this too!... – ChuongPham Nov 16 '12 at 13:43
  • @Chuong Thanks for keeping the conversation updated. I'll update this answer after I give some time to researching. – TryTryAgain Nov 16 '12 at 17:51
  • The presentation Notes Link is broken, and the links bellow "Basic keypoints" as well. – Abdrahmn_msi Feb 28 '17 at 15:49
5

There's no perfect solution. Even Apple's iOS has issues like this, but on a far smaller scale. If your app is very popular or good, it will be cracked. I'd say consider it a compliment.

Of course, using standard libraries for licensing is always a bad idea, because crackers can simply re-use their cracking tools for every application that was built using the same library. Implement your own licensing library, which will make cracking your app a lot harder.

Interesting fact: Apple's OS X App Store also has a licensing system built-in, but developers have to write their own libraries to use it. This way crackers can't crack multiple applications simultaneously, because every application has a different implementation of the licensing system.

Tom van der Woerdt
  • 29,532
  • 7
  • 72
  • 105