Protect your Android application with the Licensing library

  #1 (permalink)  
Old 09-11-2011, 02:13 PM
Erel's Avatar
Administrator
 
Join Date: Apr 2007
Posts: 15,689
Default Protect your Android application with the Licensing library

The licensing library allows you to use the Android Market licensing service to verify that the user is allowed to access your application.

Your application sends a request to the local market application. The market application contacts the market server and returns the result. The result is cached based on the market rules.

It is recommended to go over Google's documentation related to the licensing method: Application Licensing | Android Developers

Configuring the licensing library is simple. You should first have a publisher account in the market.
By clicking on the Edit Profile link you will be taken to a page which shows your publisher public key. This page also includes the "test console".
This console allows you to set the result that will be returned from the server in test mode. Test mode happens automatically with devices running using your publisher account.

The licensing library and service will not prevent a dedicated hacker from hacking your application. It will however make it more difficult.

The first step is to initialize a LicenseChecker object:
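Code:
Sub Activity_Create(FirstTime As Boolean)
    Dim lc As LicenseChecker
    Dim p As PhoneId
    ' Arguments: event name, device id, publisher public key, salt bytes
    lc.Initialize("lc", p.GetDeviceId, publicKey, "kljdflkf".GetBytes("UTF8"))
    ' Variable name and the value it receives when the check succeeds
    lc.SetVariableAndValue("test1", "some secret value")
    lc.CheckAccess
End Sub
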
The result of the licensing check is cached locally. The cache is encrypted with the AES algorithm. In order to prevent users from tampering with the cache and copying the cache to different devices, the device id is used together with the package name as the password.

Note that the same user will be able to download your application to other devices running with the same user account.

PhoneId (from the Phone library) requires the READ_STATE permission. The protection will still work if you pass an arbitrary string. It will be weaker however.
The Salt parameter should be an array of bytes with some random values (the values should be the same on each run).

Edit: It is recommended to use the alternative id method as described here: http://www.basic4ppc.com/forum/basic...e-phoneid.html

The next step is to call lc.CheckAccess. This in turn calls the market application or the local cache and checks whether the user is allowed to access the program.
One of the following events will be raised when the result arrives: Allow, DontAllow or Error (ErrorCode As String).
It is up to you to handle the event subs as required.

LicenseChecker.SetVariableAndValue
A simple way to hack an application is to "jump over" the checking code. For example a hacker might remove the call to CheckAccess and instead call your Allow event sub.
In order to make it a bit more complicated you can call LicenseChecker.SetVariableAndValue.
For example:
Code:
lc.SetVariableAndValue("test1", "some secret value")

The above code will set the value of a process global string value in the main activity named test1 to "some secret value" if the check was successful. You should not use or test the value of test1 in the Allow event sub as it will be too obvious. Instead you should use it later in your program.
You can be creative and pass the name of the variable or the value by using BytesToString or some other way.
As this variable is accessed in a dynamic way it will fail when the code is obfuscated. Therefore you need to include an underscore in the variable name to prevent it from being obfuscated. For example: v_1.

A more complete example:
Code:
Sub Process_Globals
    Dim publicKey As String
    publicKey = "MIIBIjANBgkqhAADSFEFEFkiG9w0BfW/cGhTbtIs6QIDAQAB..."
    ' Receives "some secret value" only if the license check succeeds
    Dim test1 As String
End Sub

Sub Globals

End Sub

Sub Activity_Create(FirstTime As Boolean)
    Dim lc As LicenseChecker
    Dim p As PhoneId
    ' Arguments: event name, device id, publisher public key, salt bytes
    lc.Initialize("lc", p.GetDeviceId, publicKey, "kljdflkf".GetBytes("UTF8"))
    lc.SetVariableAndValue("test1", "some secret value")
    lc.CheckAccess
End Sub

' Raised when the user is allowed to access the application
Sub lc_Allow
    Log("Allow")
End Sub

' Raised when the user is not licensed
Sub lc_DontAllow
    Log("DontAllow")
    ToastMessageShow("Closing application.", True)
    Activity.Finish
End Sub

' Raised when the check could not be completed
Sub lc_Error (ErrorCode As String)
    Log("error: " & ErrorCode)
    ToastMessageShow("Closing application.", True)
    Activity.Finish
End Sub

Sub Activity_Pause(UserClosed As Boolean)

End Sub

Sub Activity_Resume

End Sub

The library is available here: http://www.basic4ppc.com/forum/addit...g-library.html
Reply With Quote
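Added example, not part of the original post or the library's own code: one way to follow the SetVariableAndValue advice above, with an underscore in the variable name (v_1), the name and value built with BytesToString, and the value tested later in a feature rather than in lc_Allow. The button btnExport, the sub ExpectedValue and the value "ok-7" are hypothetical, and publicKey is a placeholder.

```basic
' Added example: deferred use of the value set by SetVariableAndValue.
Sub Process_Globals
    Dim publicKey As String
    publicKey = "PUBLISHER_PUBLIC_KEY_PLACEHOLDER"   ' placeholder, not a real key
    Dim v_1 As String   ' the underscore keeps the name from being obfuscated
End Sub
Sub Globals
    Dim btnExport As Button   ' hypothetical feature button
End Sub
Sub Activity_Create(FirstTime As Boolean)
    btnExport.Initialize("btnExport")
    Activity.AddView(btnExport, 10dip, 10dip, 200dip, 60dip)
    Dim lc As LicenseChecker
    Dim p As PhoneId
    lc.Initialize("lc", p.GetDeviceId, publicKey, "kljdflkf".GetBytes("UTF8"))
    ' Build the name "v_1" from bytes so it does not appear as a string literal
    Dim varName As String
    varName = BytesToString(Array As Byte(118, 95, 49), 0, 3, "UTF8")
    lc.SetVariableAndValue(varName, ExpectedValue)
    lc.CheckAccess
End Sub

' Hypothetical helper: rebuilds the expected value ("ok-7") from bytes
Sub ExpectedValue As String
    Return BytesToString(Array As Byte(111, 107, 45, 55), 0, 4, "UTF8")
End Sub

Sub lc_Allow
    Log("Allow")   ' v_1 is deliberately not tested here
End Sub

Sub lc_DontAllow
    ToastMessageShow("Closing application.", True)
    Activity.Finish
End Sub

Sub lc_Error (ErrorCode As String)
    ToastMessageShow("Closing application.", True)
    Activity.Finish
End Sub

' Later, in an unrelated feature: v_1 only holds the value after a successful check
Sub btnExport_Click
    If v_1 <> ExpectedValue Then
        ToastMessageShow("Not available.", True)
        Return
    End If
    Log("exporting...")
End Sub
```

v_1 stays empty until the Allow result arrives, so the feature is refused until then as well as when the check was skipped.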
  #2 (permalink)  
Old 09-20-2011, 02:53 PM
Knows the basics
 
Join Date: Aug 2011
Posts: 71
Default Thank you!

I'd like to thank you for getting this library written. I have some concerns about the B4A community getting caught with pants down when Google gets around to cancelling their old Copy Protection service, which they've been promising for a while now.

THANK YOU for providing us with a way to use the new service! Whew!

Looking forward to putting it to use!



- Highwinder
  #3 (permalink)  
Old 09-20-2011, 03:22 PM
Kamac's Avatar
Basic4ppc Veteran
 
Join Date: Jul 2011
Posts: 316
Default

Yay.

(It won't be useful for me as I can't sell anything)

But still good job on this one
__________________
My blog ~ www.kamacdev.wordpress.com
  #4 (permalink)  
Old 09-20-2011, 03:44 PM
pjd
Junior Member
 
Join Date: Sep 2011
Location: Herts, UK
Posts: 12
Default

Quote:
Originally Posted by Kamac View Post
(It won't be useful for me as I can't sell anything)
Why not?!
  #5 (permalink)  
Old 09-20-2011, 05:07 PM
Knows the basics
 
Join Date: Sep 2011
Posts: 83
Default

One thing to keep in mind when using this license is that Google strongly suggests that you obfuscate your code with ProGuard. Google's license can be cracked very easily: article here

It would be nice to have an easy way from B4A to use ProGuard.
  #6 (permalink)  
Old 09-21-2011, 06:12 AM
Erel's Avatar
Administrator
 
Join Date: Apr 2007
Posts: 15,689
Default

Quote:
It would be nice to have an easy way from B4A to use ProGuard.
It is in the planned feature list.

Note that the library itself is obfuscated and using SetVariableAndValue correctly should give you more protection.
  #7 (permalink)  
Old 09-23-2011, 02:58 PM
Knows the basics
 
Join Date: Sep 2011
Posts: 83
Default

Quote:
Originally Posted by Erel View Post
It is in the planned feature list.

Note that the library itself is obfuscated and using SetVariableAndValue correctly should give you more protection.
I think Google was talking about your entire code being obfuscated, not just the license library.

Anyway, thanks for the info. I am glad this is in the planned feature list.
  #8 (permalink)  
Old 09-26-2011, 05:06 PM
Basic4ppc Veteran
 
Join Date: Jul 2011
Posts: 209
Default

So, is Internet access needed every time the user executes our application??

Is B4A's routing list public??
  #9 (permalink)  
Old 09-26-2011, 05:40 PM
Erel's Avatar
Administrator
 
Join Date: Apr 2007
Posts: 15,689
Awards Showcase
Basic4ppc Founder 
Total Awards: 1
Default

Quote:
So, is Internet access needed every time the user executes our application??
No. The result is cached locally.

Quote:
Is B4A's routing list public??
What do you mean by routing list?
  #10 (permalink)  
Old 09-27-2011, 07:45 AM
Basic4ppc Veteran
 
Join Date: Jul 2011
Posts: 209
Default

Quote:
Originally Posted by Erel View Post
No. The result is cached locally.
What do you mean by routing list?
I was asking for B4A's development road map, which features are you going to implement next, etc.