Paid App Protection, a problem of the whole Android ecosphere

by david » Sun, 30 Aug 2009 03:59:43 GMT


Sponsored Links
 Hi all,

Anyone of you have experience with paid apps in the Android market?
Recent examples have been shown that paid apps can easily be copied
and distributed even with copy protection enabled in the market. Is
there anything Google has built into the Android OS to prevent this?
Is there any SDK call to check wheter for an app has been paid for
(check against the market application?) or anything else, so a
developer can have the same secure environment like on the iPhone?
Otherwise this is a big problem for the whole Android ecosphere as we
won't see many high quality apps popping up.

/David



--~--~---------~--~----~------------~-------~--~----~



Paid App Protection, a problem of the whole Android ecosphere

by Mark Murphy » Sun, 30 Aug 2009 04:55:01 GMT


 


Application developers are welcome to use third-party DRM solutions.
AndAppStore and SlideME each have one, IIRC, and there are probably
others. Nobody is pointing a gun at your head to force you to use the
one in the Android Market...which is good, since the Android Market DRM
will not work in other markets.

Moreover, your assumption that ineffective copy protection means "we
won't see many high quality apps" seems to fly in the face of the
high-quality apps available for a range of operating systems (desktop
and mobile) that do not have any form of copy protection by intent.

-- 
Mark Murphy (a Commons Guy)
 http://commonsware.com  |  http://twitter.com/commonsguy 

Android Development Wiki:  http://wiki.andmob.org 

--~--~---------~--~----~------------~-------~--~----~


Sponsored Links


Paid App Protection, a problem of the whole Android ecosphere

by Al Sutton » Sun, 30 Aug 2009 16:09:20 GMT


 The AndAppStore scheme isn't limited to AndAppStore and can be used by apps 
made available via Googles Market, SlideME, etc. if you want.

You can find more info at 
 http://andappstore.com/AndroidApplications/licensing.jsp 

Al.

-- 

* Written an Android App? - List it at  http://andappstore.com/  *

======
Funky Android Limited is registered in England & Wales with the
company number 6741909. The registered head office is Kemp House,
152-160 City Road, London, EC1V 2NX, UK.

The views expressed in this email are those of the author and not
necessarily those of Funky Android Limited, it's associates, or it's
subsidiaries.


-----Original Message-----
From: android-discuss@googlegroups.com 
[mailto:android-disc...@googlegroups.com] On Behalf Of Mark Murphy
Sent: 29 August 2009 21:31
To: android-discuss@googlegroups.com
Subject: [android-discuss] Re: Paid App Protection, a problem of the whole 
Android ecosphere





Application developers are welcome to use third-party DRM solutions.
AndAppStore and SlideME each have one, IIRC, and there are probably
others. Nobody is pointing a gun at your head to force you to use the
one in the Android Market...which is good, since the Android Market DRM
will not work in other markets.

Moreover, your assumption that ineffective copy protection means "we
won't see many high quality apps" seems to fly in the face of the
high-quality apps available for a range of operating systems (desktop
and mobile) that do not have any form of copy protection by intent.

-- 
Mark Murphy (a Commons Guy)
 http://commonsware.com  |  http://twitter.com/commonsguy 

Android Development Wiki:  http://wiki.andmob.org 



--~--~---------~--~----~------------~-------~--~----~



Paid App Protection, a problem of the whole Android ecosphere

by david » Sun, 30 Aug 2009 22:52:45 GMT


 Thanks Mark for the quick response. So you suggest to move away from
the Android Market and use third party app stores like AndAppStore and
SlideME? This leads me to my next question: Will the Android Market
support a copy protection like the "SlideLock" of SlideME in the near
future? Because as a developer of Android apps I don't want to invest
too much time into copy protecting my apps by myself, if a general
solution could solve this. I know that there are many high quality
apps on other operation systems circulating, but they invest a lot of
time in re-inventing the wheel over and over by enhancing their copy
protection algos. On the mobile device we're somehow limited in
usability compared to the desktop apps as well. It's just a big hurdle
to let the user enter endless license keys or something similar. Do
you think this will enhance the user experience of Android powered
devices? I fear not. IMHO, if Google encourages developers to leverage
the  Android OS with competitions like the ADC, they should also
invest a little bit into helping developers to monetize their apps
later and not spending too much time thinking about copy protection.







--~--~---------~--~----~------------~-------~--~----~



Paid App Protection, a problem of the whole Android ecosphere

by Mark Murphy » Sun, 30 Aug 2009 23:27:26 GMT


 





"Application developers are welcome to use third-party DRM solutions."

As Al Sutton pointed out, some of these solutions (in his case, the one
published through AndAppStore) work for the Android Market as well.

That being said, you should definitely consider publishing in multiple
markets. Not all devices will have the Android Market installed.


Beats me. If it is like their current solution, one that only works for
Android Market, it would not be very interesting to me.


An Android Market-specific solution is not a general solution, since
there are other markets besides the Android Market. A third-party
solution *can* be a general solution.


If you have in your possession a statistically-valid survey that proves
this claim, please publish it, as I'd love to read it. The firms who
provide third-party Windows-based DRM solutions (e.g., Sentinel) might
want to take a peek at it as well.


Not all copy protection/DRM solutions require license keys to be
entered. For example, near as I can tell, the AndAppStore solution does
not require entering a license key. Similarly, SlideLock does not seem
to require entering a license key (though it appears SlideLock only
works on SlideME's own market, if I am understanding the documentation
correctly).


You are certainly welcome to your opinion.

I don't share it, as third parties can more readily offer DRM solutions
than they can, say, more Bluetooth profiles or other things intrinsic to
the Android OS. And, even within the narrower scope of "helping
developers to monetize their apps", I suspect DRM would not be anywhere
near the top of my list of things Google could do that would help in
this area.

The recent crop of people complaining about Google competing with
independent developers may not share your opinion either.

-- 
Mark Murphy (a Commons Guy)
 http://commonsware.com  |  http://twitter.com/commonsguy 

Need help for your Android OSS project?  http://wiki.andmob.org/hado 

--~--~---------~--~----~------------~-------~--~----~



Paid App Protection, a problem of the whole Android ecosphere

by sm1 » Sun, 30 Aug 2009 23:42:44 GMT


 David,
What are the recent examples of paid apps that have been copied and
distributed illegally?

Is this a growing problem or is it limited to a few cases?

Can existing law enforcement or lawyers be used to limit the number of
cases in the future?

thanks
serge



--~--~---------~--~----~------------~-------~--~----~



Paid App Protection, a problem of the whole Android ecosphere

by Michael Elsd枚rfer » Sun, 30 Aug 2009 23:52:19 GMT


 > (check against the market application?) or anything else, so a
 > developer can have the same secure environment like on the iPhone?

People are pirating on jail-breaked iPhones, are they not?

Michael

--~--~---------~--~----~------------~-------~--~----~



Paid App Protection, a problem of the whole Android ecosphere

by Al Sutton » Mon, 31 Aug 2009 00:11:49 GMT


 ne of the biggest problems we at AndAppStore have at the moment with Google is 
that they seem to be treating app distribution and licensing as an add-on as
opposed to making it an open part of the OS. They currently don't share any
details of how to enable or use the existing current copy protection scheme (so
developers and app directories can't use it), and Market uses APIs which are
only available to apps signed by a specific key which, again, 3rd parties don't
have access to.

We'd like to see an accepted licensing standard which will work all Android
devices that can be used by third parties without the need to go through
Market. To try and push this along several months ago we offered to hand over
all the details of our licensing system to Google but met with a "thanks, but
no thanks, we're working on our own system" kind of response, which led us to
believe there will be an improvement at some point, but it's not going to work
on all Android devices (because not all devices have Market).

Hopefully, someday, we'll see an improvement to the situation and there will be
one licensing system which can be used by any app directory or developer as
they wish.

Al.
--

* Written an Android App? - List it at http://andappstore.com/ *

======
Funky Android Limited is registered in England & Wales with the
company number 6741909. The registered head office is Kemp House,
152-160 City Road, London, EC1V 2NX, UK.

The views expressed in this email are those of the author and not
necessarily those of Funky Android Limited, it's associates, or it's
subsidiaries.

-----Original Message-----
From: android-discuss@googlegroups.com
[mailto:android-disc...@googlegroups.com] On Behalf Of david
Sent: 30 August 2009 15:52
To: Android Discuss
Subject: [android-discuss] Re: Paid App Protection, a problem of the whole
Android ecosphere




Thanks Mark for the quick response. So you suggest to move away from
the Android Market and use third party app stores like AndAppStore and
SlideME? This leads me to my next question: Will the Android Market
support a copy protection like the "SlideLock" of SlideME in the near
future? Because as a developer of Android apps I don't want to invest
too much time into copy protecting my apps by myself, if a general
solution could solve this. I know that there are many high quality
apps on other operation systems circulating, but they invest a lot of
time in re-inventing the wheel over and over by enhancing their copy
protection algos. On the mobile device we're somehow limited in
usability compared to the desktop apps as well. It's just a big hurdle
to let the user enter endless license keys or something similar. Do
you think this will enhance the user experience of Android powered
devices? I fear not. IMHO, if Google encourages developers to leverage
the Android OS with competitions like the ADC, they should also
invest a little bit into helping developers to monetize their apps
later and not spending too much time thinking about copy protection.




On Aug 30, 10:08am, Al Sutton <a...@funkyandroid.com> wrote:


--~--~---------~--~----~------------~-------~--~----~



Paid App Protection, a problem of the whole Android ecosphere

by Mark Murphy » Mon, 31 Aug 2009 00:57:22 GMT


 


+1

-- 
Mark Murphy (a Commons Guy)
 http://commonsware.com  |  http://twitter.com/commonsguy 

Android 1.5 Programming Books:  http://commonsware.com/books.html 

--~--~---------~--~----~------------~-------~--~----~



Paid App Protection, a problem of the whole Android ecosphere

by david » Mon, 31 Aug 2009 03:57:36 GMT


 

On of the best examples is my favorite Twitter client. They published
a premium version and minutes after the launch the .apk file was
available for download. So they might choose not to continue
development on Android if they based their business model on a paid
version.


Did this help for music and video industry? And they have tons of
money too enforce the law, a Android developer might not.


--~--~---------~--~----~------------~-------~--~----~



Paid App Protection, a problem of the whole Android ecosphere

by david » Mon, 31 Aug 2009 03:59:06 GMT


 


If you've a jailbreaked iPhone you will still have to pay for $$$ apps
from the iTunes store, 'cause Apple has a DRM solution in place.

--~--~---------~--~----~------------~-------~--~----~



Paid App Protection, a problem of the whole Android ecosphere

by Michael Elsd枚rfer » Mon, 31 Aug 2009 06:12:13 GMT


 > If you've a jailbreaked iPhone you will still have to pay for $$$
 > apps from the iTunes store, 'cause Apple has a DRM solution in place.

I am in now way an iPhone expert, but I do know that 
Installous/Appulo.us and whatnot do exist.

So whatever DRM solution Apple uses, it can't be that effective. And 
certainly there is no shortage of iPhone developers on the web 
complaining about piracy.

Michael

--~--~---------~--~----~------------~-------~--~----~



Paid App Protection, a problem of the whole Android ecosphere

by patrick » Mon, 31 Aug 2009 14:21:27 GMT


 On iPhone you need jailbreaked iPhone to extract apps(ex: crackulous),
then if someone wants to install this application, he has to jailbreak
too.
On android, you have to root ur phone to extract Market's copy
protected apps but once extracted, the apps can be installed on ANY
official android phone, without any modifications.


On Aug 31, 12:11am, Michael Elsdrfer <mich...@elsdoerfer.info>



--~--~---------~--~----~------------~-------~--~----~



Paid App Protection, a problem of the whole Android ecosphere

by lbcoder » Mon, 31 Aug 2009 22:33:10 GMT


 o copy protection is 100%.
There are many different schemes that can be used to prevent copying,
and every single one can be circumvented by some means.

Android by design, provides only a very simple copy protection
mechanism -- installation to a non-user-readable path. Having super-
user privileges bypasses this restriction.

And yes, apps that have been copied can be installed anywhere.

The most major deficiency of this copy protection is the inequity of
app distribution imposed as a result of root privileges, for example,
developer devices (ADP1) are blocked from installing protected apps
from the market since they have root. Rooted devices are not
identifies as ADP1 and therefore CAN install protected apps.


Bringing up apple protection as a comparison against android is really
not fair. Non-rooted apple phones can only have apps installed from
apple's market. This is a very restrictive process that is quite
incompatible with the philosophy behind android, and quite frankly,
couldn't be implemented in any reliable manner due to the availability
of the applicable source code. Nor would most people want it to be.


Now the thing is this; these days, people are being trained to buy
apps and media. For some inexplicable reason, online media stores are
actually successful, despite the availability of pirated music (for
example) for people who aren't either morally opposed to piracy or
simply too lazy to look for it. (I'm not going to get into moral or
legal discussions here). Fact is that having the market sitting right
there in front of the customers make it easiest FOR THEM to simply
drop the $2 and buy the app -- that is greatest anti-piracy measure
available to date BY FAR. Yes, there are a few people who will still
go out to pirate apps, but this will usually be restricted to
expensive apps (i.e. copilot costs $35 on the android market for
N.A.), or for getting around things that are retarded (like ADP1 being
blocked from protected apps and paid apps being unavailable in regions
like Canada).


Now if you really want to implement some copy protection, there have
been some suggestions made above. I can also describe the copy
protection on copilot, which I have observed;

The way copilot protects their apps is this;
You buy the app on the market -- this sends some data back to ALK
regarding the purchase including market invoice number and some device
identification details. You then have access to the 10 day trial
(which quits working after 10 days). Within that 10 days, they receive
the data, your phone then "calls home", provides its information, and
if they confirm that you have paid for the app, it sends the
registration code (which is an encryption of some bunch of data that
can be linked directly to your phone) confirming (with their software)
that it can keep working indefinitely.

*** of course, copilot has been hacked anyways.
As it will happen for anything worth having (and some things NOT worth
having).


On Aug 29, 7:55am, david <p...@tripsailor.com> wrote:
--~--~---------~--~----~------------~-------~--~----~



Paid App Protection, a problem of the whole Android ecosphere

by sm1 » Thu, 03 Sep 2009 07:54:04 GMT


 Thanks for the answers David. Your post has made this an important
issue for me.
serge






--~--~---------~--~----~------------~-------~--~----~



Other Threads

1. APK Cut Copy and Paste

> Dear Bro Less,

Apa sdh sdh ada apk cut, copy and paste untuk email di Android?

Rgrds,

RW
> Click 

2. Usefull app for Hero

Proximity Sensor..free

Tau klo iphone pas lagi telepon layar langsung gelap kan? Untuk menghindari
salah2 pencet..

Nah ini app yg membuat hero jadi seperti iphone saat bertelepon ria..usefull

sent from Eclair 2.0.1

-- 
=========================
Google Groups "Indonesian Android Community [id-android]" group.

To post to this group, send email to id-android@googlegroups.com

To request to subscribe to this group:

Click  

3. Google Maps Broadcast Event for audible navigation instructions start and stop?

4. Every ProgressBar instance getIndeterminateDrawable returns a singleton? how to clone this Drawable?

5. VideoView playback fails on 2.0.1? MediaPlayer warnings in logcat

6. How to install EAP TLS certificates for WiF

7. Multiple Services within a Process