The title says it all, the more I do research about piracy and the tools used to crack an app the more I think it is just wasted time.
My biggest threat is that my app is being cracked and uploaded again within minutes after I released it. But I’m not sure how harmful it will be to my revenue, if there even will be revenue. Maybe someone can come up with some experience, it’s my first app which I’m going to publish and I have no experience with that. My app is going to be free with ads. I think this is another line of defense because in my opinion, the main focus is on paid Apps due they are not available in a lot of countries..
My current approach is that I will just use proguard not really to make it harder to crack (more likely understand the code), because you don’t even need to understand the code if you just simply resign it and upload the same application to the playstore, you will just need to change the package name. My main point of using proguard is just to shrink the app.
Is this a “good” approach?
9
No.
Most applications from large developers with real, industrial grade copy protection appear in torrents, cracked, within days of release. It is extremely doubtful that a smaller developer can match that. Trying to will just waste your time, leaving less time for you to develop features/apps that make money.
You may want to do trivial work to keep “casual” copiers at bay, but by trivial, I mean something you can throw together in a few hours. (I.e. something like proGuard.) You will not stop the people with technical knowhow who actively want to crack your app.
12
Should I spend time preventing piracy of my app?
You are asking the wrong question. Technical safeguards such as proguard are a must but are trying to solve the problem the hard way.
The first question should be “Does my app contain something that really needs protecting?” such as a complex or proprietary algorithm. If so the best solution is to move this out of the app into a server that the app talks to. The app becomes merely a UI layer on top of the server. Of course, this means you need to maintain a server (or servers) and an appropriate authentication mechanism for each user (a whole other post). It is also inappropriate for disconnected or highly responsive apps.
The second question should be “Why would people pirate my app?” If it is a financial motivation, release a free version of the app with a reduced feature set. If it is a game, make the core game and first few levels free then sell additional levels/characters/upgrades/whatever via in-app purchases. Alternatively, release a free version funded in in-app advertising (yes, I know many people hate it but it is the world we live in).
No matter what you do, as Steven implies in his answer, some people will do it for a technical challenge and release the crack to demonstrate their prowess. You cannot stop these so it is not worth worrying about.
5
Many many years ago, I bought a book on game development. It had a chapter on piracy. It included the following summary:
It is not possible to prevent piracy with technology. The only way to prevent piracy is to make a game so cool and exciting that the pirates choose to go out and buy a copy.
You can never prevent piracy. You can curtail piracy, you can monitor piracy, but there are no tools which can truly prevent it. I stress this because that strong word, “prevent,” can make people reach to exorbitant measures thinking “If I just do X, I can prevent piracy.” They are always saddened by the result, and it is all because of a word choice.
To rephrase akton’s key points in a terminology traditionally used in Information Security: you need to develop a threat model describing your attackers. If your attacker is a script-kiddie that downloads a few scripts off of the web, then you can focus your security by looking online at what script-kiddies can find, and defending against those. If you are really interested in your secrets not falling into Chinese and/or American government hands, you’ll find you have to do a wee bit more on the security front.
One nice thing about phrasing it as a “threat model” is that you will also be in an excellent position to correctly handle security issues, such as logins and credit card numbers and what-not. You will be ahead of the curve.
If all you are worried about is script-kiddies, it would be useful too not only do the Google search for antiLVL you mention in your comments, but play with a few of them. Learn what they can and cannot do. Know thy enemy.
1
If possible you should follow the advice in https://news.ycombinator.com/item?id=2623102 and move the stuff you want paid for to a server. And then manage access there. The app itself can be assumed to be stolen and pirated as much as it wants. Copying your server is harder.
Of course this solution has the downside of not being cool or clever. But it works.
1
It is impossible to completely prevent piracy.
You must accept that your code will run on other people’s machines. Those people can take your code on their machines and do anything with it, including change and (illegally) redistribute it.
You can leverage your country’s legal system if you believe your rights have been infringed upon; e.g., an American citizen can issue a DMCA takedown request against an entity that is distributing his work. However, it will be more difficult to dismantle an international distributed network, such as those composed of torrent links.
Alternatively, you can revise your philosophy on software distribution. Considering it is already possible for your users to do anything with your program, you could accept that reality. Then, embrace that reality, and grant your users the freedom to run, copy, distribute, study, change and improve your software. This is typically accomplished by declaring your program “free software” (and when I say “free,” am I speaking in terms of “freedom and liberty,” not in terms of “price”).
Releasing your program as “free software” has numerous advantages:
- Your users will easily be able to modify your program.
- If you appreciate their modifications, you can merge them back into the main project, and it will be more valuable as a result.
- If I was to modify your program, the first thing I would do would be to remove the advertisements, because I find them quite annoying. You could take this as an indication that your application would be better without advertisements, which would spur you to imagine a better revenue model (“better” both in terms of pleasing your users and profit).
- Your users will be free to redistribute your program.
- If you want your program to “go viral,” removing all legal barriers to virality would be a good thing.
- People can already redistribute your program. Either they are “evil,” or they are benevolent for sharing things with their neighbors, which is a basic human trait that makes us more successful than species without compassion. Now they can feel good about it, as they should.
- Other people will be able to study your work and learn from it.
- I learned a tremendous amount about programming from trudging through the source of RPGMaker games, for which the game code is usually free to browse. In fact, I am aware that a whole community of game developers have emerged from sharing and learning things from each others’ code, and have grown up and are leading successful careers and delivering high-quality products. You can be happy knowing that your program has benefited more people than just you.
Making your program “proprietary,” as you intend to do, gives you the false reassurance that people must first pay you in order to obtain and use your software. You are aware that this is not true, due to piracy.
So consider the converse: What if you offered the software to the customers first, and told them that if they derived value from it, then they would pay you?
If an “honest” person was willing to pay you for your software before he could use it, then (as long as you are providing a high quality product) why should he not be just as willing to pay you after he has enjoyed it? (I paid the author of Chrome’s AdBlock plugin, which is free software available gratis, because I derived immense value from it.)
As for a “dishonest” person who would download a modified version of your program from an illegal source, he is certainly not willing to pay up-front. Now you have the opportunity to capture revenue from that person, because the “freeloader” might derive value from your program and then decide to pay you. If pirates pose a considerable “threat” to your program, you might consider turning the tables such that your pirates become potential customers instead.
I recommend the “free software” approach. You could continue to create proprietary software and you would still probably make plenty of money, as many people who produce proprietary software do; though you would have to ignore the “problems,” both financial and moral, which exist inevitably and incurably because of the nature of creative works. These “problems” become vehicles for the enhancement of your product when you adopt free software philosophies; you would have an edge over competitors who cannot understand this power.
0
No, it’s pointless. Ultimately the cost/benefit analysis just doesn’t work out.
For a start you need to target a platform that has security built in. Realistically, irrespective of how much you might like the platform Android is simply not that secure – it is designed to be open.
The cost of implementing any worthwhile security is likely to be more than any profit you might see as Android has the lowest spend per user of all the mobile platforms, the only people it will ever make money for is google. Those who don’t buy the cheap handsets are frequently purists who think that the free (expression of ideas) is also specifically the free (as in beer) part so will do anything they can to avoid paying purely as a challenge.
Anything you need to do to protect your application must affect the core of the user experience and not be bolt-on protection after the fact. Apps that do well in that regard are the ones where the product purchased is the content, not the app itself.
Since your primary concern (according to comments) is related to authentication (cracked and repackaged versions) of your app on the appstores… that’s mostly the appstore’s problem to solve and you may be better off looking at ways for an app to automatically register that it has been repackaged rather than deter copying.
3
Conclusion
My conclusion, to don’t get in conflict with Q&A Format, after all of this great answeres is not to invest a lot of time in making it as hard as possible to crack my app. For this app, I will just use proguard because of the shrink-effect and because it is more difficult to understand the code if someone wants to modify it…
I rather spend more time in SEO/implementing more features like Steven pointed out and after publishing i will try to give a better support to my users than the pirates will do! 😉 I think that is going to make the difference and is one of the best ways to fight them.
Anything else which will happen is additional experience and will or will not change how i publish my apps in the future. Thank you!
From my experience: most of people like original software and is very difficult to prevent crack. The best thing to prevent piracy is always to deliver a free version with less features of your software, and warn people that cracked software may threat them (virus, trojans almost by sure). So if people like your software by using the free (clean, no threats) version they will buy it.
5