All geek questions in one place

Is it possible to verify the legality of installing a paid Android application by checking getInstallerPackageName?

To ensure that my paid Android application has been legally installed from the repository, I write this:

String installer = getPackageManager().getInstallerPackageName( "com.example.myapp"); if (installer == null) { // app was illegally downloaded from unknown source. // dear user, please re-install it from market } else { // app was probably installed legally // (also it good to check actual installer name) }

Everything is good? Is it likely that an application legally acquired and installed from the market will receive an empty installer package name and complete this test?

I understand that the user can run adb -i com.fake.installer myapp.apk and pass this check, but this is more important if legal users get potential problems or not.

+4
source share
2 answers

You should not use PackageManager#getInstallerPackageName to check if the application is installed from Google Play or for licensing purposes for the following reasons:

1) The packagename installer may change in the future. For example, the installer package name should be "com.google.android.feedback" (see here ), and now it is "com.android.vending" .

2) Checking the packagename installer for piracy reasons is equivalent to using Base64 for password encryption - this is just bad practice.

3) Users who legally purchased the application can download the APK or download it from another backup application that does not install the correct packagename installer file and receives a license verification error. This is likely to lead to poor reviews.

4) As you already mentioned, pirates can simply install the packagename installer when installing the APK.

You must use Application Licensing or switch to In-app Billing .

+3
source

While getInstallerPackage("com.example.mypackagename") does the trick and is basically a little harder for โ€œhackers" to still use your paid application without paying for it, though this is not the best way to prevent this.

What can you do instead?

How the license works

This basically ensures that the application was purchased by the user using the phone.

  • Another thing you can do is make your app free and add app purchases to it. In your case, only one upon purchase of the application, a one-time subscription. This, in my opinion, is the best solution to this problem for two reasons:
    • It solves your original problem by not allowing users to use your premium features if they donโ€™t actually purchase them.
    • This makes your application more convenient to download. Users can try this before they buy it, and this is always a plus when you are trying to attract more users.

Of course, there is a drawback: you have a lot of work if your application architecture was not built around this idea. However, I find it worth it.

+3
source

Source: https://habr.com/ru/post/1236078/

More articles:


All Articles