Android and piracy

General topics about the Android-Platform itself.
Coding issues please to the subforum right below.

How do you manage piracy ?

I do nothing. It's a lost cause
I have developed my own protection scheme
No votes
I rely on the Google protection
My return is based on advertising
Total votes : 16

Android and piracy

Postby chimaera » Sun Oct 18, 2009 11:53 pm

My first app has been pirated after only 1 month (by kiddies with a simple rooted phone).

I first took it as a kind of recognition and I can understand the free download "reflex" particularly given the nightmare it can be for legitimate users to download on the Android Market (90% of the mails I receive on my support mailbox are complaints about stuck downloads or unavailability from various countries).

The fun part is that the pirates are doing a very great job at advertising their work (using my own screenshots/video and extracts from my website). The download stat of their fileservers are quite impressive (more than my Market account stat :D )

The less fun part is when I tried to contact the fileserver companies (rapish**re, hotf**le, ...). The conditions to remove a file are quite drastic. You have to provide your name, phone number, address, swear to speak the truth "under penalty of perjury" and sign with your blood. They made you feel as you are the offender.

I know it's futile to avoid piracy, but I would have appreciated one or two more months of exclusive rights on my own app.

What is your feeling on this ?

It's now common knowledge that the Google protection is a joke (no to say a penalty for real users). Do you think the devs have to develop their own protections or do you think it's a lost cause ?
Junior Developer
Junior Developer
Posts: 22
Joined: Fri Jun 19, 2009 1:42 am


Postby padde » Mon Oct 19, 2009 12:28 am

In general you will have to life with piracy but you could try your best to make it harder for the pirates.
I never selled an app.. so what kind of data does google provide to you from the buyers of your app?

I really would like to build some easy to use protection scheme for developers.. to make it at least a bit
harder for the pirates but i need more information about the hole purchase transaction.

Even though i have to admit that i was tempted to "steal" an app or two by myself. The reason is simple..
you need a credit card to buy apps from the market and i simply havent one.. the occasions where i wished
i have one are just to few to bring myself to change that.
So i think part of the problem are the limited options for the user to legally obtain the apps.
A second reason is that some apps doesnt have a free trial version... dont do that.. this could be the main
reason behind the piracy. Always provide some sort of trial version.. no one likes to buy a pig
in the poke.
Master Developer
Master Developer
Posts: 443
Joined: Wed Apr 08, 2009 4:52 pm

Postby chimaera » Mon Oct 19, 2009 1:01 am

Well Google provides us with a google checkout code from the user (a kind of mail address). But this information is useless as it's not possible to link it to the user and build a kind of authentication database.

The problem is that there is no Market or google checkout api. Some Google apps access the google account but the interface is locked for others. A simple function like: is the app registered as bought in the google profile would have save my day.

I totally agree that piracy is encouraged by the poor market options.
The main problems are :
- that too many users can't even finish the transaction process (around 20 % of transactions failed because of credit card authentication)
- too much technical issues with the market (after t-mobile last HTC upgrade, legitimate users have been locked out the market for one week). A lot of users report stuck downloads.
- free market is deployed before paid market in a lot of countries, creating frustration
- grabbing a paid version for free is far too easy for all (and require no technical knowledge)

I have a free version (which is quite complete) and a paid version that is very cheap (1.99 euros) considering all the functionalities.
Junior Developer
Junior Developer
Posts: 22
Joined: Fri Jun 19, 2009 1:42 am

Postby padde » Mon Oct 19, 2009 2:21 am

The best payment option would be pay by cellphone bill or pay per sms.
But i think the problem here is of bureaucratic nature due to the different
countries and their laws and so on.

Would be nice if google would provide some sort of validation function that gets
invoked automatic right after a successfull payment transaction.
Or they could provide some hashed value from imei/imsi instead of the checkout

Maybe someone from google reads this and will think about a more secure way
for user and developer than the current "solution".

Or do i smell a petition?! :wink:
Master Developer
Master Developer
Posts: 443
Joined: Wed Apr 08, 2009 4:52 pm

Postby Fatal1ty2787 » Tue Oct 20, 2009 1:16 am

I'm developing a game, and I was thinking about making some sort of protection...
As developers, whe a user buy your application, you recive just his checkout code? not his mail address, not his imei?
The last option would be using checkout api to send the user a licence key, but then I don't think the app could retrive it automatically from the user's checkout account...
Posts: 3
Joined: Tue Jul 21, 2009 9:19 pm

Postby Ressor » Fri Dec 18, 2009 6:55 pm

This is a big problem. I hope someone here with a lot of experience can offer some suggestions?
Posts: 28
Joined: Wed Oct 14, 2009 11:43 pm
Location: Boston MA USA


Postby hardcoras » Fri Dec 18, 2009 9:11 pm

I don't think we can create any decent protection system. Not without Google help.
I see several options:
a) protection is linked to a market;
b) protection is linked to a google acount;
c) additional information about purchases to make our own in-house system;
d) no "unknown source" installs on not rooted phones (like on iphone).

And another option is to avoid Android Market :D. And sell apps through you own market with your own protection system. But really that's not an option.
Experienced Developer
Experienced Developer
Posts: 62
Joined: Sat Nov 14, 2009 2:31 pm
Location: Lithunia

Postby zsakul2 » Sat Dec 19, 2009 1:33 pm

Off the top of my head i just developed a security scheme ive never developed an app before so im not sure how easy this would be but its basically serial numbers on steroids

For every application that is downloaded and installed
the application randomly generates a number and when connected to the internet
at all times will try to send the code once its sent its uploaded to a database
of app installs. Then when multiple ones are being registered of the same one

i e

User1 a buys App1 : He runs it installs when its installed hed have to be
connected to the internet cause he just downloaded it anyways most likely
their on a mobile network. As soon as its installed he opens it and it runs
a check and it finds it doesnt have the generated number so it registers
its self with the server and once its registered its entered into a field.

User1 grabs the apk off of his phone and offers it on forums.

User 2 downloads it and
installed it it will already have a generated code attached to it.
so when he installs itit checks if a codes already been applied and if it has
then when he installs itit automatically marks that app as stolen
and flags it once more then 3 of the same Generated number(s) is added the
process begins..
User2 wakes up in the morning all happy yay hes a pirate arrrghh the pirates
life for me! he turns on his phone and needs to check the app for something
.. so user 2 opens app1 and when he does theres a popup saying

"Argghhh the pirate life for you!! to bad you was too cheap to pay. All functions
This application previously had has been stopped due to pirating this app
has been installed on more then 3 different phones. Thank you and please buy
the application legitmately and dont distribute it or this will happen again."

User 2..: Sad panda face =(

How this works is when he opens the app it always checks the gen number so
it checks with the database and sees that same numbers been registered 3 times
so it sends a command to the phone to lockdown the application *file already
built in but it can only be activated via a command to activate it*
so you may say what if people want to redownload the app? wouldnt
each download and install trigger the gen code system. Well no it wouldnt
because if they uninstall it and download it new from the marketplace then
itll start off with an empty gen code and if they distribute it
itll already have one..

This is basically serial nu mbers on steroids :p. The user never knows the
process is going on either.

So basically

user 1 purchases app 1 to distribute to friends first he turns it on and
plays with it yay its fun but on boot up it signs a gen code and sends it
to the server..

User 1 then puts app online the one that already has a gen code tagged to it.

User 2 downloads the app and runs it thats 2 people registered on the server
with the same id tag the servers suspicious.. its like -Zomg..wtfhaxrpulz..?-

then user 3 downloads and installs it from the site and bam the same id tag 3 times.
the security mechanism is activated it sends a preset code or command to the app
via the server and tells it to activate the pirate method which therefor
locks the app out of usage..

any flaws?..

Also if you like this idea check out my cover application idea.. : cover_application-t9666.html < where id implement it
Posts: 9
Joined: Wed Dec 16, 2009 8:14 pm

Sounds like a good scheme

Postby rogerdodger » Tue Jan 26, 2010 6:08 am

Can someone explain this part

User 2 downloads it and
installed it it will already have a generated code attached to it.

The apk is what is getting copied. How can you attach a unique random number to the apk.

If the apk generates a random number when its installed, then the next time it gets installed, it will just create a new random number, right? I don't understand this part.

If anyone can explain this I'd greatly appreciate it.

I have a few apps, and I think ppl are just copying the apk, then canceling their order, then reinstalling from the apk on the sdcard

or is there a better way to prevent this?
Junior Developer
Junior Developer
Posts: 21
Joined: Mon Nov 30, 2009 8:38 am

Postby zsakul2 » Mon Feb 01, 2010 1:42 pm

If i understand your question what your asking is "If when the app is run it randomly generates a security serial and attaches it to a hidden file" < when user 1 downloads it... So then if he gave it to someone else then that would also create a random number. But if you read my thing (And this is assuming this is your question) I covered this i said before assigning one it checks if one has already been applied if it has then don't assign one and continue on with the security process..
Posts: 9
Joined: Wed Dec 16, 2009 8:14 pm

Postby rogerdodger » Mon Feb 01, 2010 3:28 pm

Ok im still not understanding something...

When a user installs your app and it checks/generates a serial, then creates a local file...then a diff user copies the first user's apk and installs, there will be no local file. So your apk will always install and generate a new serial, right?
Junior Developer
Junior Developer
Posts: 21
Joined: Mon Nov 30, 2009 8:38 am

Postby zsakul2 » Mon Feb 15, 2010 7:49 am

Sorry it took so long to reply.. No no it stores it stores it in the apk on the users phone so when they take it off the apk already has the serial in the apk
Posts: 9
Joined: Wed Dec 16, 2009 8:14 pm

Postby moobanposrisuk » Thu Apr 22, 2010 12:22 am

Not a bad scheme zsakul2. It will prevent typical end users, but intent hackers with a .dex file decompiler coiuld change your code to skip the checks altogether and recompile/repackage it.

You might find some other techniques here for making things more difficult for such hackers:

Keep those creative anti-piracy thoughts coming!
Posts: 2
Joined: Thu Apr 22, 2010 12:05 am

Postby mukaibot » Sat May 01, 2010 8:53 am

I think chimaera's idea of checking the Google account to see if the app has been bought is the only real solution.

...apk's are read only on the phone, so you can't insert data into them (can someone verify this?).

My opinion is that piracy is inevitable. If someone wants to pirate your software, they will. Companies like Adobe and Microsoft spend considerable resources into developing sophisticated protection schemes that get broken a week after release. All that time you spend coming up with protection scheme would be better spent making your app even more awesome, so users want to buy it.

As padde says, always provide a free trial version!!! Even though you get 24 hours for a refund, I don't want to take any chances on an unknown app.

I haven't released my app yet, but when I do, I'll definitely be releasing a cut down trial version, and a full one for $1AUD (my app is really only worthwhile for Melbournians). I would be happy if I got 500 downloads! But at the end of the day, I wrote the app for me, and if people find it useful, they will pay for it.

The thing I love about Android is it's great for dabblers. I'm not a programmer by any means, but it's easy for me to have a go. However, for professional developers, the Android Market needs to have better protection because as has been said, it's a complete joke.
Posts: 6
Joined: Sun Apr 25, 2010 5:04 am
Location: Melbourne, Australia

Postby freewheelnat » Sun May 02, 2010 10:36 am

Over the last few days, I've noticed a sharp increase in the number of people who pay for the app then ask for a refund about half an hour later. The app itself has been on the market for a while so this change in buying trends is odd (there hasn't been an update to the app for a couple of months). I've read somewhere else that they may be backing it up, get their refund, then reinstall it from their backup. Is this really something they can do?
Posts: 40
Joined: Sat Aug 08, 2009 11:48 am
Location: London


Return to General

Who is online

Users browsing this forum: No registered users and 0 guests