Message info
 
To:android-developers@googlegroups.com From:Latimerius Subject:Re: [android-developers] Demo/Full Game options on Google Play Date:Thu, 12 Apr 2012 17:26:37 +0200
 

I too consider not protecting the app at all a valid option. However,
ideally I would like to have something to deter the more simple-minded
cracking attacks. Anti-copying protection seems to follow the 80/20
rule quite often - confusing and annoying the army of script kiddies
or attackers who are not very knowledgeable or motivated doesn't cost
you all that much. The rest you'll have to bow to anyway.

And I too agree that user convenience weighs more than good
anti-copying measures. Which is why I'm considering, if I can't do
LVL under the free/paid app scheme properly, it might be better to
avoid it altogether. Because pretty much anytime you use a protection
scheme, you run a risk of annoying legitimate users - and running that
risk doesn't seem to be worth it for a protection that doesn't even
protect very much.

Not being able to obfuscate and hide LVL code in other code is quite a
big deal here - under the particular circumstances (all of your code
and assets live in untrusted environment) obfuscation is your
front-line security measure. Without it, your security core (the LVL
check itself) becomes exposed and vulnerable.

I'll have to think about this some more and weigh carefully pros and cons.

2012/4/12 Kostya Vasilyev <kmansoft@gmail.com>:
> I'll try to throw in a few more two cent coins :)
>
> 1) Hackers and piracy, pt1.
>
> Some people on this list have stated that they've chosen to not implement
> LVL for a paid app, and to spend that time improving the app.
>
> There is certainly nothing wrong with that decision.
>
> 2)Hackers and piracy, pt2.
>
> Not every user is going to search for a cracked copy of a paid app they
> would like to have.
>
> Some just press "Buy", even when there is a cracked version somewhere.
>
> Of those, I suspect some consciously do it to support the developer, some
> don't realize there are sites with cracked apps, some are worried about
> malware and so install from the more "official" source (Market), some do it
> for the convenience.
>
> 3) Base app + unlocker key vs. limited free + full paid apps.
>
> There are apps in Market that use either approach, and at this point, I
> believe both ways are well understood by the users (at least the type who
> can find the Menu button on their phone... some can't...).
>
> I would look at how the users are going to transition from the free/base app
> to the full/unlocked app with as little interruption as possible.
>
> If the app is such that the user spends a lot of time setting it up (the
> free/base version at first), I'd either:
>
> - go with the base/unlocker approach so that the data stays intact
>
> - provide a really easy, preferably automatic export / import or transition
> capability
>
> -- K
>
> 12 2012. 18:35 Justin Anderson <magouyaware@gmail.com>
> :
>
>>> In theory yes, but although I'm most definitely not too much of a
>>> cracker, I'm confident I could disable a security check that's alone
>>> in its executable in a matter of minutes. :-(
>>
>> An experienced hacker could pretty much do that no matter what you do...
>>
>>
>> Thanks,
>> Justin Anderson
>> MagouyaWare Developer
>> http://sites.google.com/site/magouyaware
>>
>>
>> On Thu, Apr 12, 2012 at 8:31 AM, Iain King <iainking@gmail.com> wrote:
>>>
>>>
>>>
>>> On Thursday, 12 April 2012 15:27:29 UTC+1, latimerius wrote:
>>>>
>>>> On Thu, Apr 12, 2012 at 2:34 AM, b0b wrote:
>>>> >
>>>> >> Would it also be possible to initiate the LVL check from the free
>>>> >> app?
>>>> >
>>>> >
>>>> > Not possible. You cannot add the request LVL permission to a free app.
>>>>
>>>> Hmm, that's kind of silly. Obviously, it makes no sense to LVL-check
>>>> a package that's free in the first place, however this should not
>>>> depend on the package that is asking but the package being asked
>>>> about, right?
>>>>
>>>> > The solution described by MagoutaWare works very well.
>>>>
>>>> In theory yes, but although I'm most definitely not too much of a
>>>> cracker, I'm confident I could disable a security check that's alone
>>>> in its executable in a matter of minutes. :-(
>>>>
>>>> This sounds like a borderline showstopper to me, I'll have to consider
>>>> whether it's actually even worth bothering with LVL under these
>>>> circumstances...
>>>
>>>
>>> You know, that's not a terrible idea. You can still release stuff on
>>> Play without implementing LVL, right? Or even if you can need some, you
>>> could implement token code that does nothing.
>>>
>>> Iain
>>>
>>> --
>>> You received this message because you are subscribed to the Google
>>> Groups "Android Developers" group.
>>> To post to this group, send email to android-developers@googlegroups.com
>>> To unsubscribe from this group, send email to
>>> android-developers+unsubscribe@googlegroups.com
>>> For more options, visit this group at
>>> http://groups.google.com/group/android-developers?hl=en
>>
>>
>> --
>> You received this message because you are subscribed to the Google
>> Groups "Android Developers" group.
>> To post to this group, send email to android-developers@googlegroups.com
>> To unsubscribe from this group, send email to
>> android-developers+unsubscribe@googlegroups.com
>> For more options, visit this group at
>> http://groups.google.com/group/android-developers?hl=en
>
>
> --
> You received this message because you are subscribed to the Google
> Groups "Android Developers" group.
> To post to this group, send email to android-developers@googlegroups.com
> To unsubscribe from this group, send email to
> android-developers+unsubscribe@googlegroups.com
> For more options, visit this group at
> http://groups.google.com/group/android-developers?hl=en

--
You received this message because you are subscribed to the Google
Groups "Android Developers" group.
To post to this group, send email to android-developers@googlegroups.com
To unsubscribe from this group, send email to
android-developers+unsubscribe@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/android-developers?hl=en