Thursday, November 17, 2011

Re: [android-developers] How secure are SharedPreferences on rooted devices?

On Fri, Nov 18, 2011 at 6:50 AM, Ricardo Amaral
<master@ricardoamaral.net> wrote:
> I was thinking of implementing a coupon based system for my app so I could
> offer some copies of the full version to some people. I found blog article
> which provided the server code (to install on Google AppEngine) and the
> client code to use on the app.

Could you share the link?

> I looked at the source code and realized the
> way the system works (after the coupon has been validated and activated) is
> with a simple boolean variable with SharedPreferences.
>
> 1) My main question about this is, how safe is this? How easily is the
> SharedPreferences file hackable on rooted devices to change that boolean
> flag and "convert" an app to a full version even without a coupon code?
>

As others have said, if you have root you can easily change it.
You can try to obfuscate it somewhat so it's not too obvious and
maybe encrypt with a device-specific key, so just copying the
preferences file to another doesn't work. You decide how far you
are willing to go. Most people wouldn't bother messing with
preferences, but don't make it too easy for the ones that would :)

> If they are not safe, is there any other way?

Go the Android LVL way: link to the Google account and do
checking on the server. You'll need to cache responses for
a certain period, so your app works even when people are offline.

>
> 2) My second question and now related to the coupons system but we can look
> at this as validating and activating an app through the Internet. The idea
> is that I just want to activate the full version of my app to someone,
> temporarily, some sort of a trial.

You can save (and appropriately obfuscate) the trial start time,
and check it on startup. Obviously they can clear the app data,
so you need to handle that (revert to the basic version, etc.).

>
> The problem is the deactivating part. Let's say I disable the full version
> for a specific device on the validation server. If the user doesn't open my
> app while connected to the Internet, the app will always be on "full mode"
> and there's nothing I can do about it. Or is there?
>

Let them use it when offline, and check the license when they go online.
See above about caching server responses, and check the LVL docs
for more ideas.

--
You received this message because you are subscribed to the Google
Groups "Android Developers" group.
To post to this group, send email to android-developers@googlegroups.com
To unsubscribe from this group, send email to
android-developers+unsubscribe@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/android-developers?hl=en
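The "obfuscate, bind to a device-specific key, and cache server responses for a period" advice in the reply above, as an added Java example that is not code from the thread: the cached server answer is stored next to an HMAC under a key derived from a device identifier and an app secret, so a hand-edited flag, a file copied from another device, or cleared app data never yields the full version, and an expired cache asks for a fresh server check. The same store/check pattern serves for a trial start time. A plain Map stands in for SharedPreferences; the deviceId, appSecret and one-week TTL are assumptions.

```java
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.util.Base64;
import java.util.Map;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;

/** Cached license state, HMAC-bound to the device so an edited or copied prefs file is ignored. */
public class LicenseCache {
    public enum State { BASIC, FULL, RECHECK }
    // Hypothetical policy: trust a cached server answer for a week, then re-check when online.
    private static final long CACHE_TTL_MS = 7L * 24 * 60 * 60 * 1000;
    private final Map<String, String> prefs; // stand-in for SharedPreferences in this example
    private final byte[] deviceKey;

    public LicenseCache(Map<String, String> prefs, String deviceId, byte[] appSecret)
            throws GeneralSecurityException {
        this.prefs = prefs;
        // Device-specific key = HMAC(appSecret, deviceId). The app secret ships inside the APK,
        // so this only raises the bar, as the reply says; the real check stays on the server.
        this.deviceKey = hmac(appSecret, deviceId);
    }

    private static byte[] hmac(byte[] key, String data) throws GeneralSecurityException {
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(new SecretKeySpec(key, "HmacSHA256"));
        return mac.doFinal(data.getBytes(StandardCharsets.UTF_8));
    }

    /** Store the server's answer (licensed or revoked) together with when it was obtained. */
    public void store(boolean licensed, long checkedAtMs) throws GeneralSecurityException {
        String payload = licensed + "|" + checkedAtMs;
        prefs.put("lic", payload);
        prefs.put("lic_tag", Base64.getEncoder().encodeToString(hmac(deviceKey, payload)));
    }

    /** Decide the mode at startup; anything missing, tampered or stale never yields FULL. */
    public State check(long nowMs) throws GeneralSecurityException {
        String payload = prefs.get("lic"), tag = prefs.get("lic_tag");
        if (payload == null || tag == null) return State.BASIC;          // app data was cleared
        byte[] given;
        try { given = Base64.getDecoder().decode(tag); } catch (IllegalArgumentException e) { return State.BASIC; }
        if (!MessageDigest.isEqual(hmac(deviceKey, payload), given))
            return State.BASIC;                                          // edited, or copied from another device
        String[] parts = payload.split("\\|");                           // MAC passed, so the format is ours
        long checkedAt = Long.parseLong(parts[1]);
        if (nowMs < checkedAt || nowMs - checkedAt > CACHE_TTL_MS)
            return State.RECHECK;                                        // clock rolled back or cache expired
        return Boolean.parseBoolean(parts[0]) ? State.FULL : State.BASIC;
    }
}
```

On RECHECK the app keeps running in whatever mode the cached flag says (so offline users are not locked out, as the reply suggests) and calls the server as soon as it is online, storing the fresh answer with store().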
