Unfortunately, the truth is that you're not trying to stop 10 people,
you're trying to stop 1 person from making a version that thousands can
install without paying. It only takes one to let the cat out of the bag.
On 12/7/2011 1:15 PM, Kristopher Micinski wrote:
How much does your app cost?
There seem to be a lot of questions like this lately, but in reality I
think that putting in hours of effort to defeat the tiny fraction of
people who would even attempt this is mostly a waste of time, let's
say you spend 100 hours coming up with a defensive strategy, and your
app costs $100, if you value your time at $10/hour (conservatively)
then this would roughly equate to you needing to stop at least ten
people, I highly doubt that a very narrowly targeted app will have
even that many people trying that hard to break it...
kris
On Tue, Dec 6, 2011 at 11:29 PM, RLScott <fixthatpi...@yahoo.com
<mailto:fixthatpi...@yahoo.com>> wrote:
On Dec 6, 8:42 pm, Kristopher Micinski <krismicin...@gmail.com
<mailto:krismicin...@gmail.com>> wrote:
> On Tue, Dec 6, 2011 at 8:41 PM, Kristopher Micinski
> <krismicin...@gmail.com <mailto:krismicin...@gmail.com>>wrote:
>
>
>
>
>
>
>
> > On Tue, Dec 6, 2011 at 8:37 PM, Anil Jagtap
<anil.so...@gmail.com <mailto:anil.so...@gmail.com>> wrote:
>
> >> Even if the application is reverse engineered and say an
cracker gets
> >> 100% of your code. Still, what is use? it is your app that is
first in
> >> android market in case of android market apps. If someone makes a
> >> clone, it is still a 'clone' and you are the original. We are
using
> >> Java and hence risk of code stealing would always be there
for us. May
> >> developing in C may help, but again it has its own complications.
>
> >> Cheers
>
> > That's not what he's worried about,
>
> > he's worried that somebody will reverse engineer some
authentication
> > policy or something and reveal something other than just the
source to the
> > app..
>
> > kris
>
> Sorry, I thought he had specified this,
> though, that is what you're worried about, no?
That's right. It is an expensive app for a narrow market, which is
why I am not distributing through the Google Marketplace. The
licensing scheme involves a free-trial mode when the app is first
installed. Then to unlock the paid mode, the user e-mails me the wi-
fi MAC address. I then calculate a license number that hashes into
that MAC address and send them that license number. They enter that
license number and my code checks that the license number hashes into
the MAC address. The hash is really a trap-door function that is
difficult to invert without the private key that only I have. Of
course someone could find where I am checking the hash and patch my
code to skip around it. But I am hoping that no one will find a way
to defeat my code without patching it (i.e. inverting the trap-door
function). The code that inverts the trap-door function does not
exist in the app. It only exists on my computer.
--
You received this message because you are subscribed to the Google
Groups "Android Developers" group.
To post to this group, send email to
android-developers@googlegroups.com
<mailto:android-developers@googlegroups.com>
To unsubscribe from this group, send email to
android-developers+unsubscr...@googlegroups.com
<mailto:android-developers%2bunsubscr...@googlegroups.com>
For more options, visit this group at
http://groups.google.com/group/android-developers?hl=en
--
You received this message because you are subscribed to the Google
Groups "Android Developers" group.
To post to this group, send email to android-developers@googlegroups.com
To unsubscribe from this group, send email to
android-developers+unsubscr...@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/android-developers?hl=en
--
You received this message because you are subscribed to the Google
Groups "Android Developers" group.
To post to this group, send email to android-developers@googlegroups.com
To unsubscribe from this group, send email to
android-developers+unsubscr...@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/android-developers?hl=en
