Welcome to OStack Knowledge Sharing Community for programmer and developer-Open, Learning and Share
Welcome To Ask or Share your Answers For Others

Categories

0 votes
912 views
in Technique[技术] by (71.8m points)

google play - Is it ok to check legality of installing paid android app by checking getInstallerPackageName?

To ensure that my paid android application was legally installed from store, I write this:

String installer = getPackageManager().getInstallerPackageName(
        "com.example.myapp");

if (installer == null) {
    // app was illegally downloaded from unknown source. 
    // dear user, please re-install it from market
} 
else {
    // app was probably installed legally
    // (also it's good to check actual installer name)
}

Is it ok? Is there a chance that application that is legally purchased and installed from market will get empty installer package name and fail this test?

I understand that user can run adb -i com.fake.installer myapp.apk and pass this check, but it's more important if legal users will get potential problems or not.

See Question&Answers more detail:os

与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
Welcome To Ask or Share your Answers For Others

1 Answer

0 votes
by (71.8m points)

You should not use PackageManager#getInstallerPackageName to check if the app was installed from Google Play or for licensing purposes for the following reasons:

1) The installer packagename can change in the future. For example, the installer package name use to be "com.google.android.feedback" (see here) and now it is "com.android.vending".

2) Checking the installer packagename for piracy reasons is equivalent to using Base64 to encrypt passwords — it's simply bad practice.

3) Users who legally purchased the app can side-load the APK or restore it from another backup application which doesn't set the correct installer packagename and get a license check error. This will most likely lead to bad reviews.

4) Like you mentioned, pirates can simply set the installer packagename when installing the APK.


You should use App Licensing or switch to In-app Billing.


与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
Welcome to OStack Knowledge Sharing Community for programmer and developer-Open, Learning and Share
Click Here to Ask a Question

2.1m questions

2.1m answers

60 comments

57.0k users

...