Thursday, November 24, 2011

Protected free Android applications

One issue I'm facing from time to time is people copying my apps & change the ad network code.

I found the following methods good fighting them:
  1. Use ProGuard to obfuscate the code. If the code is obfuscated it's harder to remove other protective measures listed below. Some notes on ProGuard:
    (a) Move important functionality from non-obfuscated functions (such as onCreate)
  2. Check application signature, use: getPackageManager().getPackageInfo(getPackageName(), PackageManager.GET_SIGNATURES).signatures[0]
  3. CRC/Checksum validation of resources
  4. CRC/Checksum validation of the APK.
  5. Check if the application is running in debugger.
  6. Check installed package name.

When you discover an issue DO NOT stop the application. Start a sequence that will cause the application crash (for example, clear a list that should not be empty).