如何保护与其他人共享的 .apk 文件?
所以我有一个问题,我们希望能够在我们的网站和 Android 市场上销售我们的 Android 应用程序。如果我们只是将 .apk 文件粘贴在我们的网站上并让人们在付款后下载它,我们如何防止他们将 htat .apk 文件直接提供给朋友?我整个早上都在谷歌上搜索解决方案。我只是希望能够以某种方式保护我们的应用程序不被安装在多个设备上。
因此,如果你得到它,将其安装在你的手机上,然后将其交给朋友,它会阻止他/她并显示一些错误。
So I have a problem, we want to be able to sell our Android application on our site AND on the Android market. If we just stick the .apk file on our site and let people download it after they have paid for it, how do we prevent them from just giving htat .apk file to a friend? I have been searching goolge all morning for a solution. I just want someway to be able to protect our application from being installed on more then one device.
So if you get it, install it on your phone, then give it to a friend friend, it would stop him/her and display some error.
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(3)
第一个想法:在您的网站上提供基于 IMEI 加密的解锁代码。
当人们在您的网站上购买该应用程序时,他们必须在应用程序启动时输入代码。该应用程序会将未加密的号码与手机 IMEI 进行比较。
因此,如果 IMEI B 的人 A 将应用程序共享给 IMEI C 的人,则该应用程序将无法运行。
编辑:阅读这篇精彩的文章,获取 Android 设备的唯一编号:是否有唯一的 Android 设备 ID?
您也可以尝试
Settings.Secure#ANDROID_ID以唯一 64 位十六进制字符串形式返回 Android ID。但有时已知它为空,它被记录为“可以在恢复出厂设置时更改”。使用风险自负,并且可以在已root的手机上轻松更改。
现在最薄弱的部分是市场,它很容易共享和复制。
First idea: provide an unlock code based on IMEI encryption on your website.
When people buy the app on your website, they will have to enter a code at the app launch. The app will compare the uncrypted number to the phone IMEI.
So if people A with IMEI B share the app to people with IMEI C, the app won't work.
EDIT: read this great post to get a unique number for an Android device: Is there a unique Android device ID?
You can also try
Settings.Secure#ANDROID_IDreturns the Android ID as an unique 64-bit hex string.but It's known to be null sometimes, it's documented as "can change upon factory reset". Use at your own risk, and it can be easily changed on a rooted phone.
The weakest part will now be the Market, that's really easy to share and copy it.
这对于所有类型的软件来说都是一个问题,而不仅仅是 .apk 文件。
这个问题没有最终的解决方案,只有一些技巧和变通方法,使得该软件在不同设备上使用变得困难。
如果您只是将 .apk 文件放在网络上,您就没有“谁购买了该软件”的内部概念。使应用程序仅在某些手机上运行的唯一方法是将授权手机列表捆绑到应用程序中。
如果您不这样做,那么您可能会要求应用程序与集中式 Web 服务通信,该服务根据授权设备列表审查电话 ID,从而允许应用程序在这种情况下运行(这是 FlexLM)模型)。
网络上有一堆关于如何保护您的应用程序的文档,关于如何使保护消失的信息量可能是这些文档的 10 倍。
如果您的单位销量较低,那么授权设备的库存是一种合理的方法,但如果您销售的应用程序副本较多,那么 Web 服务方法就更有意义。
This is a problem for all kinds of software, not just .apk files.
There is no ultimate solution to this issue, there are only hacks and workarounds to make it difficult to use the software on different devices.
You have no internal concept of 'who bought the software' if you're just putting a .apk file on the web. The only way to make the application only work on certain phones is to bundle the list of authorized phones into the application.
If you do not do that, then you may, for example, require the application to talk to a centralized web-service that vets the phone ID against a list of authorized devices, allowing the application to run in this case (this is the FlexLM model).
There is a pile of documentation on the web about how to protect your application, there is probably 10x that amount of information on how to make the protection go away.
If your unit sales are low, then the inventory of authorized devices is a reasonable approach, but if you sell more than a handful of copies of the application, then the web-service approach makes more sense.
您无法阻止您的 apk 被共享。不过,您可以查看一下 Google 许可服务。该服务主要查询 Google Play 商店并查明用户是否确实购买了该应用程序。这主要是为付费应用程序设计的,但您也可以在免费应用程序中使用它。
You cannot stop your apk from being shared. However there is a google licensing service that you can look into. This service basically queries the google play store and finds out if the user actually bought the app . This is designed for mainly for the paid apps but you could use this in free apps too.