Anyone who reads the spec should be able to work out the backend, and we'd be happy to share this method with other app stores, but when we offered Google our previous licensing solution the response we got was a "Thanks but no thanks", so I'm not sure if they'd be interested.
The biggest problem I can see with sharing this solution is that you'll either end up with all app stores sharing purchase information (which is unlikely), or separate URLs for each store, which isn't great for developers. We'd be happy to use a Google approved solution, but as they haven't released details of the copy protection system (which is why we can't add that as an extra security measure) I'm not holding out much hope. Al. -- * Looking for Android Apps? - Try http://andappstore.com/ * ====== Funky Android Limited is registered in England & Wales with the company number 6741909. The views expressed in this email are those of the author and not necessarily those of Funky Android Limited, it's associates, or it's subsidiaries. On 14 Oct 2009, at 23:49, Robert Woodruff wrote: > We could ask AndAppStore if they are willing to share. > > So Al, is what you guys are doing with the app security something > that could be shared with Google and other app services? (I will > study your security API soon and hopefully be able toaccommodate it > in our apps!) > > I ask because your ideas seem spot on and more advanced than what > Google is providing. In fact, if Google does not do something > similar to beef up its security along the lines of what you guys are > doing them it will be time to quit trying to distribute through the > Google Market. Because as the Google Market stands right now it > means developers are signing up to give apps away. That's no way to > monetize. > > As Wayne says it would be nice to have a standard to ease the burden > on developers. > > > > On Wed, Oct 14, 2009 at 5:19 PM, Wayne Wenthin <wa...@fuligin.com> > wrote: > Adopting AndAppStore's version as a standard would be Ideal. Only > one set of code to modify. > > I wonder if they are willing to share with other stores? > > > On Wed, Oct 14, 2009 at 1:35 PM, Robert Woodruff > <woodman...@gmail.com> wrote: > Its not bullet proof, but it is thicker plating. Apparently the > AndAppStore people have already implemented something similar. I > feel like it is a step in the right direction and hope other like > Goolge Market and SlideMe will do somethng similar! > > Perhaps they can even adopt the AndAppStore version as a standard. > > > On Wed, Oct 14, 2009 at 1:54 PM, Dan Sherman <impact...@gmail.com> > wrote: > Unfortunately has a few problems: > > 1) The user has to have an internet connection on first load of the > app. > > 2) If its via HTTP or some other well documented protocol, could > easily have a hosts entry re-point where to ask for confirmation to > a server that just responds "OK". This could be overcome possibly > with a pub/priv key system of signing. > > 3) Should still be possible to get a copy of the apk, and remove the > code block for that check I imagine... > > You're going to have a problem with piracy no matter what you do. > Look at _every_ platform, and every form of copy protection, they > all have piracy. The only exception to this that I can see is > hosted services (like World of Warcraft, and websites), where all of > the user data is stored some place that you have control over, and > can check for validity on your side, with known-good code at run- > time. Any time you put code/logic on a client side, it can be > subverted one way or another... > > - Dan > > On Wed, Oct 14, 2009 at 1:38 PM, WoodManEXP <woodman...@gmail.com> > wrote: > > I am no security expert and have not thought this out all the way, but > could a workable solution to the pirating problem be something like > this: > > > 1. The market clients (like Google Market, AndAppStore, SlideME) could > record on their servers some kind of identifier about who bought the > app and perhaps what Android device it was bought for. They already > capture the who information. > > 2. Android apps that care can, on first launch, ask the user about > their identifier and what service they bought the app from. > > 3. The app, or the servers that support the app, can query, via http, > the market client service to ask did so-and-so get this app from you? > > 4. If an affirmative response can be had then the app is not pirated. > Otherwise the app is pirated > > Google Market, AndAppStore, SlideME, etc… will need to make such a > service available, via http. > > It would be straight-forward to generate a list of installed market > clients for the user to select from. The market clients may even be > able to supply the user identification so user does not need to enter > it. > > The application could retrieve from its servers the list of market > clients is believes are legitimate in order to prevent the bogus > clients from spoofing it. > > If you installed an app w/out a market client and the app did not > intend for such an installation to happen, like on rooted phones using > adb, then the app is pirated. > > And finally, could this process be invisible to the user and just > involve communication between the app and installed market clients and > the market clients servers and the apps servers? > > > > > > > > > > > > -- > Writing code is one of few things > that teaches me I don't know everything. > > http://www.fuligin.com > > > > > --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Android Developers" group. To post to this group, send email to android-developers@googlegroups.com To unsubscribe from this group, send email to android-developers+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/android-developers?hl=en -~----------~----~----~----~------~----~------~--~---
