Protecting An App For Market_问答_开发者_运维开发者技术经验分享

开发者 https://www.devze.com 2023-01-09 10:37 出处：网络

I\'m working on my first Android app, and am almost to the point where I can sta开发者_开发百科rt thinking about putting it up on the market as a paid app.

I'm working on my first Android app, and am almost to the point where I can sta开发者_开发百科rt thinking about putting it up on the market as a paid app.

In the process of researching this step, I found out that it's basically trivial to break Google's copy protection scheme. I don't know how big of a problem this really is, or if we need to look into some other form of protection.

Obviously an obfuscater like ProGuard is a good first step, but how would you go about protecting your application from being released into the wild?

Second, other than encrypting contents (which is difficult because the decryption key has to be stored in the program too) how would you prevent someone from just dumping the contents of a sqlite3 database?

Just today Google released details of the new licensing service which is intended to replace copy protection. See here for details: http://developer.android.com/guide/publishing/licensing.html

It sounds like you have two security concerns:

Users copying and distributing your application without paying
Developers decompiling your source code and stealing it for their own applications

Concern #1: Its definitely possible for users to do this. One solution would be to give the app away for free, but disable it until they register on an independent website (where they pay). However, this kind of defeats the purpose of using the market as a convenient way to distribute your app.

Concern #2: This is a problem developing Java applications in general and isn't really specific to Android. As you stated, using an obfuscater is a good start. However, you are always going to be able to decompile Java code, and there really isn't any easy way around this that I know of.

My opinion is that piracy is very difficult to stop if the culprit has enough motivation. However, in general I don't think its a huge concern for Android developers. I know lots of people who wouldn't blink about downloading pirated movies or video games, but pay for all of their mobile applications.

Everything is about to change: http://www.itproportal.com/portal/news/article/2010/7/28/google-add-licensing-service-android-apps/

Don't use sqlite. Use your own custom format. That's not unbreakable, but will definitely make it harder to extract data
Just don't keep your sensitive data at customer device. Keep it in Internet on your own server. And make your app just as a "thin" client to your server-side data/app.

For now 90% of devices have Internet connectivity for 90% of their running time. You should consider the importance of your data and either choose to keep it always server-side, requiring Internet connection, or keep it at client-side, making it vulnerable.