Reputation: 201
How to fight against APK extractor
I have this app developed and issued to users via USB. But I want to prevent them from extract the APK and install it on other phones.
Currently, I have a APK signing signature check when the app launches and prevent it from running if it doesn't match mine. But it doesn't to stop those APK extractor apps, this one for example. https://play.google.com/store/apps/details?id=com.ext.ui&hl=en
I checked the extracted APK and it has the same signature as my original! Is there any other ways to stop it?
My app is a standalone app so it doesn't have a server to talk to...Thanks!
Upvotes: 0
Views: 1704
Answers (2)
Reputation: 26
Disclaimer! There's no way you can protect your app 100% but you can try the following ways:
Google Play Licensing and the License Verification Library (LVL) This service allows your app query a Google Play Licensing server to determine if currently running device is recorded as a purchaser.
OBFUSCATION Eliminate all chances of reverse engineering which is a way of generating an apk from your app.
COPY PROTECTION
Although superseded by licensing on some platforms (most notably Android), copy protection is a simple way of fending off more perfunctory attempts at piracy.
Digital rights management (DRM) can be built into the app itself, be part of the app store to which it is uploaded (such as Amazon DRM), or purchased as part of a third-party paid DRM service.
Upvotes: 1
Reputation: 42650
In general you can not prevent your app from being extracted from a device. Furthermore any of your user could simple upload the retrieved APK file somewhere on the net.
Therefore you can only protect your app from being used by "the wrong people". I see two possible solutions for doing so:
Dongle the version to a specific device
You know the principle by many shareware software: After installing the app requires to enter a license code that activates it. The license code is generated by you after receiving some sort of device fingerprint and the app checks if the license is valid for this specific device.
Embed a water-mark that allows you to identify who has leaked the APK
This would require to create unique APK files for each of your legitimate user.
Upvotes: 0
Related Questions
- How to make apk Secure. Protecting from Decompile
- How to prevent such websites like apkpure?
- Prevent decompiling android apk
- How to prevent the easy extraction of APK app installed on the phone
- How to prevent extraction of android apk source code from attackers?
- How to prevent reverse engineering of an Android APK file to secure code?
- Android - don't want to decompile my apk file
- android prevent apk