如何验证付费 iOS 应用
我将把新的付费应用程序部署到应用程序商店。这个应用程序将连接到我们的服务器并下载一些数据(有时相当大)。
我想知道,有什么方法可以检查(在服务器端)该请求来自应用程序,该应用程序确实已付款(不是被盗)。
我知道任何人都可以购买应用程序一次然后分发它(拥有越狱手机/平板电脑的人可以轻松安装它)。它可能会导致我们的服务器产生额外的流量,我们希望保护我们免受其影响。
或者我可以以某种方式弄清楚,该请求来自一份已售出的应用程序副本?在这种情况下,我可以限制一份副本的下载数量,因此如果它被广泛分发,它有一天就会停止工作。
有什么想法吗?
I'm going to deploy new paid app to appstore. This app will connect to our server and download some data (pretty big sometimes).
I'd like to know, is there any way I can check (on server side), that request is going from app, which was really paid (not stolen).
I know that anybody can buy app once and then distribute it (and guys with jailbreaked phones/pads can install it easily). It may cause extra traffic from our servers, and we want to protect us from it.
Or may be I can somehow figure out, that request comes from one sold copy of app? In this case, I can restrict numbers of downloads from one copy, so if it will be widely distributed, it just stops works one day.
Any ideas?
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(2)
我将这段从我不久前发送到 cocoa-dev 邮件列表的电子邮件中逐字复制给有您担忧的人。这些数字可能已经改变,但我的理由仍然适用,为什么我认为考虑这类事情是浪费时间。
抛开所有技术问题,你有证据表明
越狱盗版是一个足够大的问题,足以证明你做这一切是合理的?
首先,虽然我没有百分比,但我很确定这是一个
少数手机已越狱。我非常精通技术
人群中,我只认识一个人,他们的手机越狱了,而我
我相当有信心技术人员更有可能经历
麻烦。 (有多少普通用户对它的含义有最模糊的了解?
意味着“越狱”设备?)
越狱可能在具有以下特征的国家和文化中更为普遍:
减少了为软件付费的传统。但这导致
第二点......
从你的角度来看,你(大概)真的很关心转换
潜在的软件盗版者侵入付费客户。如果他们不能使用
您的应用程序位于越狱设备上,但不合法购买,您
没有完成任何经济上有价值的事情。事实上,你可以
情况会变得更糟,因为你失去了(诚然很小)的可能性
潜在的盗版者会向其他人展示您的应用程序,而其他人也可能会反过来
成为付费客户。
因此,您的计算应该类似于:(
拥有兼容设备的用户数)*(越狱设备的%)*(%
对您的应用感兴趣)*(无法或不愿意规避您的百分比
保护)*(当遇到复制品时会购买您的应用程序的人所占的百分比)
保护)*(每次销售的价格)> (合法销售量的增加
可以通过将开发资源投入到产品中来获得
增强、营销、支持等)
假设已售出 250M 兼容设备,其中 150M
不同的用户(假设有很多人已经替换了
设备或拥有 iPhone 的 iPad 等)假设 10% 已越狱,
这就是一些粗略的谷歌搜索结果。这给了我们 15M
候选用户。
现在,除非你正在写《愤怒的小鸟》,否则你似乎不太可能
吸引超过 1% 的用户群。剩下 15 万用户。
也许 80% 不愿意规避您的版权保护,剩下 120K
用户。现在关键是:有多少人会真正想要购买
该应用程序?也许是5%?这样您就有 6000 个用户。
因此,根据这些公认的粗略估计,如果您甚至可以获得 6000
用户(上述假设的 1.35 亿非越狱用户群中)
把你的时间和精力投入到其他事情上,你就会取得领先。
I am copying this verbatim from an email I sent to the cocoa-dev mailing list a while back to someone who had your concerns. The numbers have probably changed, but my rationale still applies as to why I think it's a waste of time to even think about this sort of stuff.
Setting aside all the technical issues, do you have evidence that
jailbreak piracy is a large enough problem to justify you doing all this?
For one, while I don't have a percentage I'm quite certain that it is a
minority of phones that are jailbroken. I run with a pretty tech savvy
crowd and I know only one person who has jailbroken their phone, and I
am fairly confident that techies are more likely to go through the
trouble. (How many average users have the faintest idea of what it
means to "jailbreak" a device?)
Jailbreaking is probably more prevalent in countries and cultures with
less of a tradition of paying for software. But this leads to the
second point...
From your standpoint you (presumably) really care about converting
would-be software pirates into paying customers. If they can't use
your app on a jailbroken device yet don't buy it legitimately, you
haven't accomplished anything economically worthwhile. In fact, you may
be worse off because you lose the (admittedly small) possibility that
the would-be pirate will show off your app to others who might in turn
become paying customers.
So, your calculus ought to be something like:
(# users with compatible devices) * (% with jailbroken devices) * (%
interested in your app) * (% unable or unwilling to circumvent your
protection) * (% who will purchase your app when confronted with copy
protection) * ($ price per sale) > (increase in legitimate sales that
could be obtained by devoting development resources to product
enhancement, marketing, support, etc.)
Let's suppose that 250M compatible devices have been sold, with 150M
distinct users (assuming that there are many people who have replaced
devices or own iPad with an iPhone, etc.) Suppose 10% are jailbroken,
which is what some cursory Googling turns up. That gives us 15M
candidate users.
Now, unless you are writing Angry Birds, it seems unlikely that you will
appeal to any more than 1% of the user base. That leaves 150K users.
Maybe 80% are unwilling to circumvent your copy protection, leaving 120K
users. Now the kicker: how many are then going to want to actually buy
the app? Maybe 5%? That puts you at 6000 users.
So with these admittedly crude guesstimates, if you could gain even 6000
users (out of the 135M non-jailbroken user base postulated above) by
devoting your time and energy to anything else, you'd come out ahead.
好吧,有很多尝试来检测设备是否越狱。但他们中的大多数人都可以再次被欺骗。因此没有安全的方法来检测越狱设备。但只需搜索“检测越狱”即可。
您可以将结果发送到您的服务器(连同数据请求)并决定要做什么。但想想康拉德·舒尔茨所说的努力。
无论如何,您可以跟踪销售了多少应用程序以及有多少服务器请求。因此,您将获得您的私人统计数据,即您的应用程序有多少副本被盗。如果您的应用程序确实存在大问题,您可以随时上传应用程序更新。
Well there are many tries to detect, if a device is jailbroken. But most of them can be tricked out again. So there is no SAFE method of detecting a jailbroken device. But just search for "detect jailbreak".
Than you could send your result to your server (together with the data request) and decide, what to do. But think about the effort, as said by Conrad Shultz.
Anyway you can track, how many apps are sold and how many server requests there are. So you will have youre private statistic, how many copies of your app are stolen. You can upload an update for your app anytime, if it really will be a big problem in your case.