Securing an app with LVL and explicit intents?
I've an app using the LVL. It consists (for simplicity) of two activities: The first one called LVLActivity checks the licence. If it fails, it simply finishes, otherwise it launches the second activity called MainActivity with an explicit intent.
In the manifest, there is
    <application android:icon="@drawable/icon" android:label="@string/app_name">
        <activity android:name=".LVLActivity">
            <intent-filter>
                <action android:name="android.intent.action.MAIN" />
                <category android:name="android.intent.category.LAUNCHER"/>
            </intent-filter>
        </activity>
        <activity android:name=".MainActivity">
        </activity>
    </application>
Is it possible for someone else to write a small app that launches the MainActivity with an explicit intent?
Is this kind of setup enough for a reasonable protection?
Comments (2)
I believe MainActivity can be started from another app via:
So, no, this would not protect your MainActivity per se, but you could have some kind of required shared data between LVLActivity and MainActivity, so that MainActivity would stop if this data does not exist.
But be advised that even this would not stop users who could reverse engineer code. To guard against this you should not have any sensitive data inside your application on devices - this basically means you should perform all business logic on the server and only send data that is safe for the given user back to the device. Of course you need to have some kind of user authentication+authorization on the server.
Why don't you do the license check in your main activity? It's the way Google recommends.
Aside from that, you can perform a license check whenever you want, but @Peter Knego is correct in saying that if someone really wants to get around the license check, then they will do so.
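Added example (not part of the original posts): a small Python check that applies Android's default `android:exported` rule to the manifest from the question and reports which activities other installed apps can start directly. The `<manifest>` wrapper and the package name `com.example.lvlapp` are assumptions added so the fragment parses; apps targeting Android 12 or later must set `android:exported` explicitly on any component that has an intent filter.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"

# Constructed sample: the question's <application> block wrapped in a
# <manifest> root so it parses. The package name is a placeholder.
SAMPLE_MANIFEST = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.lvlapp">
  <application android:icon="@drawable/icon" android:label="@string/app_name">
    <activity android:name=".LVLActivity">
      <intent-filter>
        <action android:name="android.intent.action.MAIN" />
        <category android:name="android.intent.category.LAUNCHER"/>
      </intent-filter>
    </activity>
    <activity android:name=".MainActivity">
    </activity>
  </application>
</manifest>
"""


def _attr(elem, name):
    """Read an android:-namespaced attribute, or None if absent."""
    return elem.get("{%s}%s" % (ANDROID_NS, name))


def audit_activities(manifest_xml):
    """Map each <activity>/<activity-alias> name to (exported, reason)."""
    root = ET.fromstring(manifest_xml.strip())
    report = {}
    for tag in ("activity", "activity-alias"):
        for comp in root.iter(tag):
            explicit = _attr(comp, "exported")
            if explicit is not None:
                exported = explicit.strip().lower() == "true"
                reason = "android:exported set explicitly"
            else:
                # Platform default: exported only if an intent filter exists.
                exported = comp.find("intent-filter") is not None
                reason = "default (intent-filter %s)" % (
                    "present" if exported else "absent")
            report[_attr(comp, "name")] = (exported, reason)
    return report


if __name__ == "__main__":
    for name, (exported, reason) in audit_activities(SAMPLE_MANIFEST).items():
        print("%-14s exported=%-5s %s" % (name, exported, reason))
```

The result only covers launches from other installed apps; a non-exported activity is still started by the app's own code, so it says nothing about a modified copy of the APK.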