So I have a problem: we want to be able to sell our Android application on our site AND on the Android Market. If we just stick the .apk file on our site and let people download it after they have paid for it, how do we prevent them from just giving that .apk file to a friend? I have been searching Google all morning for a solution. I just want some way to be able to protect our application from being installed on more than one device.
So if you get it, install it on your phone, then give it to a friend, it would stop him/her and display some error.
First idea: provide an unlock code based on IMEI encryption on your website.
When people buy the app on your website, they will have to enter a code at the app launch. The app will compare the decrypted number to the phone IMEI.
So if person A with IMEI B shares the app with a person with IMEI C, the app won't work.
EDIT: read this great post to get a unique number for an Android device: Is there a unique Android device ID?
You can also try Settings.Secure#ANDROID_ID, which returns the Android ID as a unique 64-bit hex string.
import android.provider.Settings.Secure;
private String android_id = Secure.getString(getContext().getContentResolver(),
        Secure.ANDROID_ID);
But it's known to be null sometimes, and it's documented as "can change upon factory reset". Use at your own risk; it can be easily changed on a rooted phone.
The weakest part will now be the Market; it's really easy to share and copy it.
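The unlock-code idea above, as an added example that is not part of the original posts: instead of "encrypting" the device ID with a key that would have to ship inside the APK, the website signs the ID and the app only verifies the signature. The class and method names are hypothetical, ECDSA is this example's choice of algorithm, the device IDs are constructed sample values, and the key pair is generated in-process only so the demo runs offline.

```java
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Signature;
import java.util.Base64;

// Hypothetical names throughout; device IDs below are constructed sample values.
public class DeviceBoundLicense {
    private static final String ALGORITHM = "SHA256withECDSA";

    // Website side: runs after payment, with a private key that never leaves the server.
    static String issueUnlockCode(PrivateKey serverKey, String deviceId)
            throws GeneralSecurityException {
        Signature signer = Signature.getInstance(ALGORITHM);
        signer.initSign(serverKey);
        signer.update(deviceId.getBytes(StandardCharsets.UTF_8));
        return Base64.getUrlEncoder().withoutPadding().encodeToString(signer.sign());
    }

    // App side: only the public key is bundled, so reading it out of the APK
    // does not allow anyone to issue codes for other devices.
    static boolean isUnlocked(PublicKey bundledKey, String thisDeviceId, String unlockCode) {
        if (thisDeviceId == null || unlockCode == null) {
            return false; // ANDROID_ID can be null: fail closed
        }
        try {
            Signature verifier = Signature.getInstance(ALGORITHM);
            verifier.initVerify(bundledKey);
            verifier.update(thisDeviceId.getBytes(StandardCharsets.UTF_8));
            return verifier.verify(Base64.getUrlDecoder().decode(unlockCode));
        } catch (GeneralSecurityException | IllegalArgumentException e) {
            return false; // malformed or altered code
        }
    }

    public static void main(String[] args) throws GeneralSecurityException {
        KeyPairGenerator generator = KeyPairGenerator.getInstance("EC");
        generator.initialize(256); // demo key pair; in practice created once on the server
        KeyPair keys = generator.generateKeyPair();
        String buyerDevice = "a1b2c3d4e5f60718";  // constructed ANDROID_ID-style value
        String friendDevice = "0f1e2d3c4b5a6978"; // constructed
        String code = issueUnlockCode(keys.getPrivate(), buyerDevice);
        System.out.println("buyer:  " + isUnlocked(keys.getPublic(), buyerDevice, code));
        System.out.println("friend: " + isUnlocked(keys.getPublic(), friendDevice, code));
    }
}
```

The check is only as trustworthy as the device ID it is bound to, which, as noted above, can be changed on a rooted phone.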
This is a problem for all kinds of software, not just .apk files.
There is no ultimate solution to this issue; there are only hacks and workarounds to make it difficult to use the software on different devices.
You have no internal concept of 'who bought the software' if you're just putting a .apk file on the web. The only way to make the application only work on certain phones is to bundle the list of authorized phones into the application.
If you do not do that, then you may, for example, require the application to talk to a centralized web-service that vets the phone ID against a list of authorized devices, allowing the application to run in this case (this is the FlexLM model).
There is a pile of documentation on the web about how to protect your application; there is probably 10x that amount of information on how to make the protection go away.
If your unit sales are low, then the inventory of authorized devices is a reasonable approach, but if you sell more than a handful of copies of the application, then the web-service approach makes more sense.
You cannot stop your apk from being shared. However, there is a Google licensing service that you can look into. This service basically queries the Google Play store and finds out if the user actually bought the app. This is designed mainly for paid apps, but you could use it in free apps too.