That's the scheme we've already implemented at AndAppStore with a slight twist to make it harder to generate spoof responses using a DNS repoint.
Al. On Oct 14, 6:38 pm, WoodManEXP <woodman...@gmail.com> wrote: > I am no security expert and have not thought this out all the way, but > could a workable solution to the pirating problem be something like > this: > > 1. The market clients (like Google Market, AndAppStore, SlideME) could > record on their servers some kind of identifier about who bought the > app and perhaps what Android device it was bought for. They already > capture the who information. > > 2. Android apps that care can, on first launch, ask the user about > their identifier and what service they bought the app from. > > 3. The app, or the servers that support the app, can query, via http, > the market client service to ask did so-and-so get this app from you? > > 4. If an affirmative response can be had then the app is not pirated. > Otherwise the app is pirated > > Google Market, AndAppStore, SlideME, etc… will need to make such a > service available, via http. > > It would be straight-forward to generate a list of installed market > clients for the user to select from. The market clients may even be > able to supply the user identification so user does not need to enter > it. > > The application could retrieve from its servers the list of market > clients is believes are legitimate in order to prevent the bogus > clients from spoofing it. > > If you installed an app w/out a market client and the app did not > intend for such an installation to happen, like on rooted phones using > adb, then the app is pirated. > > And finally, could this process be invisible to the user and just > involve communication between the app and installed market clients and > the market clients servers and the apps servers? --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Android Developers" group. To post to this group, send email to android-developers@googlegroups.com To unsubscribe from this group, send email to android-developers+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/android-developers?hl=en -~----------~----~----~----~------~----~------~--~---