How to protect my application against piracy

2023-09-12 02:39:24 Author: 忘忧

I am developing an Android app and I am planning to publish it (paid app). I have heard that it is very easy to pirate Android apps (much easier than iPhone). I was wondering, from your experience or what you know, how can I increase the security of my app? I know that I can never get it 100% secured, but I want to make it harder for people to pirate it or distribute it illegally. Any ideas, experiences, comments you can share? That will be greatly appreciated. Best regards

Recommended answer

I released a free anti-malware app for Android, and making sure nobody hacked it was essential to its success. The biggest threats against an app on the Android Market include leaked source code, copied/distributed paid apps, and re-keying. I explain each below and ways to solve them.

Firstly, this paper describes how to reverse-engineer an Android application by unpacking the compiled code and viewing the source code. You will not be able to block this from happening to your app. Period. Someone with a will can always view your source code if they get a copy of your APK (easily available on a rooted phone). The good news is that you can obfuscate the important pieces of your code, making it harder to reverse-engineer. ProGuard is a tool provided by Android that lets you obfuscate (make harder to read) your code during packaging. In order to prevent your important code from being read, however, you will need to move all vulnerable methods or variables to a file that is not an Activity, Service, or BroadcastReceiver. For full facts, read the documentation.

To protect against illegal copying and distribution of your application, Google Play provides some licensing options. Unfortunately, LVL is also not entirely secure. A detailed HOW-TO for how to crack it (pre-Google Play) is available here.

Lastly, the paper linked above, as well as numerous scholarly articles and online blogs, describe how, once the source code (or even obfuscated source code) is leaked, one can merely add some of their own, malicious code, re-sign the app, and publish it on the Android Market. The good news here is that, unless your Android license key password is easily guessable, or if you give it out to someone else, the attacker will not be able to publish an application with the same license key. This not only protects you from blame, but it will also make it so that the malicious application cannot access data available through your original application (such as SharedPreferences).

All in all, the best way to really secure your application from piracy is to correctly configure and use ProGuard, Google Play Licensure, and to sign your final APK with a very secure license key.
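
The answer's advice to keep sensitive code out of Activity, Service and BroadcastReceiver classes can be checked after a release build. The following is an added example, not code from the answer: it reads the mapping.txt that ProGuard/R8 writes and lists sensitive members that kept their own name or sit in a class whose name was kept. All class and member names are constructed for illustration.

```python
import re

# Constructed sample in the mapping.txt format ProGuard/R8 emit; names are hypothetical.
SAMPLE_MAPPING = """\
# compiler: R8
com.example.app.MainActivity -> com.example.app.MainActivity:
    void onCreate(android.os.Bundle) -> onCreate
    boolean checkLicense(java.lang.String) -> a
com.example.app.LicenseChecker -> a.a.b:
    java.lang.String salt -> a
    12:19:boolean verify(java.lang.String) -> a
com.example.app.SyncService -> com.example.app.SyncService:
    byte[] apiSecret -> apiSecret
"""

CLASS_LINE = re.compile(r"^(\S+) -> (\S+):$")
# Optional "start:end:" line range, type, member name, optional "(args)", "-> new name".
MEMBER_LINE = re.compile(r"^\s+(?:\d+:\d+:)?\S+ ([^\s(]+)(?:\(.*?\))?(?::\d+:\d+)? -> (\S+)$")

def parse_mapping(text):
    """Return {original_class: (obfuscated_class, {member: obfuscated_member})}."""
    classes, current = {}, None
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue  # blank line or R8 header comment
        m = CLASS_LINE.match(line)
        if m:
            current = m.group(1)
            classes[current] = (m.group(2), {})
        elif current and (m := MEMBER_LINE.match(line)):
            classes[current][1][m.group(1)] = m.group(2)
    return classes

def exposed_members(classes, sensitive):
    """Sensitive members an APK reader can still locate by an original name."""
    findings = []
    for cls, (obf_cls, members) in classes.items():
        for name, obf in members.items():
            if name in sensitive and (name == obf or cls == obf_cls):
                reason = "member name kept" if name == obf else "class name kept"
                findings.append((cls, name, reason))
    return findings

if __name__ == "__main__":
    watch = {"checkLicense", "verify", "salt", "apiSecret"}  # hypothetical names
    for finding in exposed_members(parse_mapping(SAMPLE_MAPPING), watch):
        print(*finding, sep="  ")
```

Run against the mapping.txt of a real release build, an empty result means every watched member was renamed inside a renamed class.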