Quick Links: Download Gideros Studio | Gideros Documentation | Gideros Development Center | Gideros community chat | DONATE
DRM solution for .apk — Gideros Forum

DRM solution for .apk

Hello everyone.
I'm trying to find a DRM solution to protect .apk
The goal is to protect apps which will be distributed outside the classic stores.
Here are my needs :
- a solution which can be apply as a «wrap method» (no access to source code, only .apk builds)
- a solution with a licence key management. Protected app can be limited in use by date, number of launches, etc. (every classic parameters of a DRM)
- a solution which protect from illegal copy

If you have ever hearded of something like that, I'm interested in a link, name, etc.

Thanks a lot !!
My meditation plan :
SinisterSoft: “ I don't create classes that much - classes are good for making things simpler but imho for frame rate they are also death by a thousand cuts.”
Totebo: “ Best quote ever.”
🤔

Comments

  • answer to myself : I'm afraid that it doesn't exist...
    My meditation plan :
    SinisterSoft: “ I don't create classes that much - classes are good for making things simpler but imho for frame rate they are also death by a thousand cuts.”
    Totebo: “ Best quote ever.”
    🤔
  • hgy29hgy29 Maintainer
    Yes, I am afraid your best option is to implement it yourself somehow. One way would be to embed your restrictions in your lua code, and generate one apk per licensee, if you don't have too much customers. It is easy to script gideros builds with gdrexport tool.
  • Thanks @hgy29 !
    It was not a Gideros specific question. A more general need for one of my client and as the Gideros community is, as I can judge, quite ecclectic I thought that an esoteric need could find an answer here.

    Likes: MoKaLux

    My meditation plan :
    SinisterSoft: “ I don't create classes that much - classes are good for making things simpler but imho for frame rate they are also death by a thousand cuts.”
    Totebo: “ Best quote ever.”
    🤔
    +1 -1 (+1 / -0 )Share on Facebook
  • Yes, you can write it yourself. It's a hassle, but it's feasible. I've done something like that for Windows software in the past, and am considering it for apps delivered outside of the major stores in the future. It's not a wrap tool that applies to a completed installation package, but requires some code in your app. Here's the general idea:

    First have a web script (PHP, etc) that responds to a purchase by generating a new license key, or selecting an unused one from a database. Send that key to the customer, and enter the transaction in a database.

    When the app is first run you can execute code to generate an installation ID. That can be based partly on the moment of the installation, expressed as precisely as possible, like the number of seconds since your app first released, so unless two users install at the same second, that part of their install ID will be different. Append some random digits, maybe the number of milliseconds before they press the "Next" button on the install screen, or (if the hardware supports something like it) the serial number on the installed drive. Then run the install ID through any encryption algorithm you like. Then you can limit each license to a set number of installations. The first run the user is prompted for their software license key, and the app stores it. Every run the app consults a licensing server to see if that key is valid, passing up the installation ID.

    The licensing server is a web script that checks to see if it's a new installation for that license key, maintaining a table of installations. If the key is in your database, and the installation limit for that key hasn't been reached, respond that all is good, and the app can run normally. If the limit has been reached, you could offer to invalidate the least recently used installation, or you could just display an error message and limit the app to demo-version functionality.

    With this approach you can share the APK freely, and have it run a limited feature set if a valid license key hasn't been entered, and even integrate purchases through PayPal that will trigger your script to send them a license key if they upgrade to the full version.

    One pitfall I've had with that approach on Windows is I'd have a handful of customers who were frequently wiping their system clean and reinstalling the OS, and each time they'd need to register again. They'd hit the limit and ask for support, and I'd give them a new license key. It's possible they were lying, not reinstalling with unusual frequency but sharing the game with friends, but I decided I'd rather get taken by one bad guy than leave one real customer without the ability to run the game they'd paid for, so I chose to err on the side of trusting such a customer in most cases. In any case, this was rare, with just a few such users among thousands.

    I used the same system to produce and validate CD keys that were printed on stickers installed inside bulk manufactured CD-ROMs when I was self-publishing Windows software on disc. Boy do I sound old right now...

    Anyway, while I'm not aware of any system like this you can just download and drop in, it's certainly possible to write your own. If I do implement something like this again for use with Gideros, perhaps I'll share a copy of the lua code and the scripts, minus an encryption key, etc. To use it you'd still have to be able to maintain a database and install some scripts.

    Paul

    Likes: MoKaLux, jimlev, hito9

    +1 -1 (+3 / -0 )Share on Facebook
  • Hello Paul and thanks a lot for that detailed answer.
    I am searching for a solution for one of my client, not really a need I have in Gideros. After failing at finding a solution via google, I thought that an atypical community of indie dev like the Gideros one could be the way to touch people who don’t often use the easy way. The fact that they choose Gideros is an indicator of their precious special mindset : exactly the kind of people who could have chosen to distribute their app outside a shop :P
    I already audit several solutions for PC (.exe app) because my client also has that need. But for his apk catalog, I found nothing. And he doesn’t have access to the source code in the major part of that catalog so…
    I keep your message near me. Despite the fact it’s totally out of my skills perimeter (I’m a hobbyist and poor developer, more a game designer), I could suggest my client the way it can be done if he really wants to make it done by a specialist of his media.

    Thanks again for the time.
    My meditation plan :
    SinisterSoft: “ I don't create classes that much - classes are good for making things simpler but imho for frame rate they are also death by a thousand cuts.”
    Totebo: “ Best quote ever.”
    🤔
Sign In or Register to comment.