There's a few easy methods anyone could use to crack the protection of your app that you worked very hard on, and in the same way there's methods to stop this from happening as well
The first one, the big one, there's the app "Lucky Patcher". What this app does is patches the dalvik files to tell the app that it's activated, even if the Play Store disagrees. There's two ways of protecting from this:
Implement a simple piece of code to check if Lucky Patcher is installed, and if it is, force the user to uninstall it (But by then it might be too late!)
Here's a sample piece of code that stops the user from opening the app if Lucky Patcher is installed and prompts them to uninstall it
Code:
public void checkLP(){
android.content.pm.PackageManager mPm = getPackageManager();
try {
PackageInfo info = mPm.getPackageInfo("com.chelpus.lackypatch", 0);
if(info != null){
AlertDialog.Builder ad3 = new AlertDialog.Builder(this);
ad3.setCancelable(false);
ad3.setTitle("Lucky Patcher");
ad3.setMessage("I have detected the presense of the app 'Lucky Patcher', which could be used maliciously within this app. You need to uninstall it to continue");
ad3.setPositiveButton("OK", new DialogInterface.OnClickListener() {
[user=439709]@override[/user]
public void onClick(DialogInterface dialog, int which) {
// TODO Auto-generated method stub
startActivity(new Intent(MainActivity.this, LpUninstallActivity.class));
finish();
}});
AlertDialog alertDialog3 = ad3.create();
alertDialog3.show();
}
} catch (NameNotFoundException e) {
// TODO Auto-generated catch block
return;
}
}
Once you've implemented this code, call checkLP(); in your code where you need it, and add a UninstallLpActivity.class to respond to the user pressing OK, which uninstalls it (automatically if you have root, manually if you don't) and then returns the user to the main activity, at which point it checks again
However, this will not always work. What happens if the user patches it and then uninstalls Lucky Patcher? What then? What about if they patched the apk itself?
That's where method 2 comes in.
For method 2, the alternative is to download an unpatched version of your app from the internet and install it on top, either automatically if you have root (Which is recommended where possible) or manually, which could lead to you hitting issues with signatures
I don't have the code for this one, but the best way is with RootTools to call a download normally and then use "pm install -r" to overwrite it. Note that Lucky Patcher also has a method that adds ODEX files to /data/app/ which you will want to remove also
But I don't have a paid version, only IAPs and people are using Freedom! :crying:
Freedom is a complex app that circumvents the Play Store and makes the app think it's been bought when it hasn't. There's two very similar and simple ways to stop Freedom working though, both of which need root (which is fine, because Freedom needs root anyway)
1.) Just stop freedom, kill its service and hopefully stop it from working
Again, I recommend RootTools to make this easier.
When your activity with IAPs starts, call a command that runs the following:
Code:
pkill cc.cz.madkite.freedom
This will stop the freedom app from running and hopefully stop the user from using it to crack purchases
2.) The better, more permanent method, forcibly uninstall freedom
Again, I recommend RootTools to make this easier.
In your class with IAPs, add the following code:
Code:
public void checkFreedom(){
android.content.pm.PackageManager mPm = getPackageManager();
try {
PackageInfo info = mPm.getPackageInfo("cc.cz.madkite.freedom", 0);
if(info != null){
AlertDialog.Builder ad3 = new AlertDialog.Builder(this);
ad3.setCancelable(false);
ad3.setTitle("Freedom");
ad3.setMessage("I have detected the presense of the app 'Freedom', which could be used maliciously within this section of the app. You need to uninstall it to continue");
ad3.setPositiveButton("OK", new DialogInterface.OnClickListener() {
[user=439709]@override[/user]
public void onClick(DialogInterface dialog, int which) {
// TODO Auto-generated method stub
startActivity(new Intent(IapActivity.this, FreedomUninstallActivity.class));
finish();
}});
AlertDialog alertDialog3 = ad3.create();
alertDialog3.show();
}
} catch (NameNotFoundException e) {
// TODO Auto-generated catch block
return;
}
}
And then call it where you want to with checkFreedom();
Similar to the Lucky Patcher one, you need a second class that uninstalls it. Mine is as simple as follows:
Code:
import java.io.IOException;
import java.util.concurrent.TimeoutException;
import android.app.Activity;
import android.app.ProgressDialog;
import android.content.Intent;
import android.os.Bundle;
import android.view.Menu;
import android.view.MenuInflater;
import android.view.MenuItem;
import android.view.View;
import android.widget.CheckBox;
import android.widget.Toast;
import com.stericson.RootTools.*;
import com.stericson.RootTools.exceptions.RootDeniedException;
import com.stericson.RootTools.execution.CommandCapture;
public class FreedomUninstallActivity extends Activity{
CheckBox RootCheckBox;
CheckBox BusyboxCheckBox;
[user=439709]@override[/user]
protected void onCreate(Bundle savedInstanceState) {
super.onCreate(savedInstanceState);
ProgressDialog dialog =
ProgressDialog.show(FreedomUninstallActivity.this, "", "Uninstalling Freedom...", true);
dialog.setCancelable(false);
dialog.show();
dialog.setMessage("Uninstalling Freedom...");
CommandCapture command = new CommandCapture(0, "pm uninstall cc.cz.madkite.freedom");
try {
RootTools.getShell(true).add(command).waitForFinish();
} catch (InterruptedException e) {
// TODO Auto-generated catch block
e.printStackTrace();
} catch (IOException e) {
// TODO Auto-generated catch block
e.printStackTrace();
} catch (TimeoutException e) {
// TODO Auto-generated catch block
e.printStackTrace();
} catch (RootDeniedException e) {
// TODO Auto-generated catch block
e.printStackTrace();
}
startActivity(new Intent(this, IapActivity.class));
finish();
}
}
This uses root to uninstall it, which is easiest because the user cannot press cancel, then loops back around to check again to make sure it worked
Finally, and most importantly, obfuscate.
Even the biggest pirates I've seen haven't ever tried to crack apps that use other methods and are obfuscated. Therefore, best practice where possible is to obfuscate, or even just run it from a remote server on a secure connection. ProGuard instructions are available here
Help! They still get past it
Use the good old methods of reporting then, try and keep the amount of people who are able to download it illegitimately to a minimum
Further ideas:
Improve the reinstall because of Lucky Patcher by just re-building the dex file - Looking into it
Further reading:
Android Developers site on best practices for in app billing
e3d said:
I use Lucky Patcher. To get rid of the ADVERTISEMENTS, not to remove the licensing service. YOU EVER thought of that?
if i see one of your apps, i'll uninstall it and rate it badly. Why are you on a forum that offers you to root your phone, etc? And you want to restrict this freedom?
If you want this crap, buy an IPHONE OR A WINDOWS Phone and develop for it.
You ever heard of ethics? I've never seen much worse ethics for programming.
you do not have to care about other apps on a system.
Isn't Freedom what linux is about.?
*for all devs who want to use OP's "solution".
---------- Post added at 06:36 PM ---------- Previous post was at 06:28 PM ----------
Same here.
Click to expand...
Click to collapse
If you have root, use a system wide thing, don't support an app that incorporates piracy methods
And "why are you on a forum which allows freedom"
Read the goddamn rules, we don't allow that kind of stuff, it's warez and illegal
Also, I don't think you understand what I'm doing by uninstalling it here. I'm protecting my rights, not 'uninstalling a competitor' as you compare it to.
Meanwhile, I'm about to have a mod clean out this thread, including this post
e3d said:
I use Lucky Patcher. To get rid of the ADVERTISEMENTS, not to remove the licensing service. YOU EVER thought of that?
if i see one of your apps, i'll uninstall it and rate it badly. Why are you on a forum that offers you to root your phone, etc? And you want to restrict this freedom?
If you want this crap, buy an IPHONE OR A WINDOWS Phone and develop for it.
You ever heard of ethics? I've never seen much worse ethics for programming.
you do not have to care about other apps on a system.
Isn't Freedom what linux is about?
Click to expand...
Click to collapse
How the hell did you guys get into developers forum?
Removing ads is the same way illegal than pirating an entire app.
awaaas said:
A simple apk can't install/replace system app? Google "Google Play Store Installer by Chelpus" and you'll be suprised...
And about the people awareness, what about "third-world" countries? Credit card is usually not available...
They want to buy, but they can't pay you. Now Google Indonesia is starting to offer payment by phone credit (only one carrier for now), and some of my friends is starting to buy games and apps if they like it (some apps is "tried" first though)
Click to expand...
Click to collapse
I specifically set prices very low in countries with less developed economy. I would even offer my app for free in some countries if google would let me.
I don't think it's a terrible idea (unlike a lot of people here, looks like we have a lot of pirates about...*), but I do think there are better ways to go about it, as mentioned in this post http://forum.xda-developers.com/showpost.php?p=41581990&postcount=9
Checking the hash of the app sounds like a pretty simple but reasonably decent method for checking that the app hasn't been patched by some tool like Lucky Patcher. Not sure if there's any way to check the signature on an app to ensure it's been signed with your own keys, but if so that would probably be another good thing to check (seeing as modifications would require re-signing with a different key).
*To people who claim they use it for other purposes; the uses I know for LP are piracy, blocking ads and removing permissions. Blocking ads is pretty much the same as piracy in my mind (devs put the ads there to make money instead of charging for the app, blocking them takes away that revenue), and removing permissions seems to be kinda crappy with LP (force closes etc.). There are much better solutions for both.
SifJar said:
I don't think it's a terrible idea (unlike a lot of people here, looks like we have a lot of pirates about...*), but I do think there are better ways to go about it, as mentioned in this post http://forum.xda-developers.com/showpost.php?p=41581990&postcount=9
Checking the hash of the app sounds like a pretty simple but reasonably decent method for checking that the app hasn't been patched by some tool like Lucky Patcher. Not sure if there's any way to check the signature on an app to ensure it's been signed with your own keys, but if so that would probably be another good thing to check (seeing as modifications would require re-signing with a different key).
*To people who claim they use it for other purposes; the uses I know for LP are piracy, blocking ads and removing permissions. Blocking ads is pretty much the same as piracy in my mind (devs put the ads there to make money instead of charging for the app, blocking them takes away that revenue), and removing permissions seems to be kinda crappy with LP (force closes etc.). There are much better solutions for both.
Click to expand...
Click to collapse
There's ways of checking if it uses the debug key, which I believe Lucky Patcher signs with, see here:
http://stackoverflow.com/questions/5578871/android-how-to-get-app-signature
If your app is a game and it's completely native(unity3d, cocos2dx,...) you could do the following:
1) do license checks from within native code(.so file)
2) check signature of apk file from within native code and kill app if it's not valid
3) sign your native libraries and do self checks before execution to prevent people from editing asm code.
Wow, some of you guys...
God forbid a developer expect that you compensate him/her for hard work on an application.
If it's worth it for you to go through the trouble of getting outside of the Play Store, cracking it, and sideloading it, clearly it's worth it to you enough to actually pay for it.
As usual with so many Android users, the self-entitlement complex is through the goddamn roof. I get it, being on a forum where you get such amazing aftermarket firmwares and modifications at no cost to you has really gone to your head; it makes you believe that all things Android should be cheap and free but that's really not how it works.
I don't buy the "I use Lucky Patcher to block ads" BS. If you want to block ads, there's a million different ways you can use a hosts file or an app that manages the host file to do that (especially if you're concerned with traffic, that's the ideal solution).
I get the criticism with the idea of removing another app, but I don't buy for even one second that anyone thinks they are justified in pirating the app; this is the mentality that spreads and becomes a huge problem. Many of you just don't see anything wrong in circumventing a payment/compensation system, citing all sorts of reasons that range from potentially/weakly relevant to stupidly shameless.
3 years ago when I first got my HTC Hero, I pirated an app called Slide Screen because it looked really cool but I didn't want to pay for it. On the forum where I got the apk, there was a post from the developer of the app pleading with people to consider actually buying the app because he had put in a ton of effort in to it and was just trying to earn back a little extra income from all his research and self-taught Java lessons.
After that, I completely stopped using pirated apps because I understood; the Play Store is a vicious cesspool that is FULL to the brim of absolute utter crap, especially the "My First Android App"-type applications. It's very hard to gain exposure and with reverse engineering, it's even harder to maintain a unique app because of how easy it is to just turn around and modify someone else's apk and then resell it. It doesn't help that (and this only seems to happen with Android users) Android users are incredibly ignorant of the platform and downrate an *free* app for not having an extravagantly complex addition as though they are entitled to it.
Many of you spend between $300 and $600 on these devices, and many of you pay $50+ a month for a plan to go with them. Is it really so much for you to consider to spend what many call "a cheap fastfood lunch" on an app that you enjoy using, find useful, and get lifetime updates for?
Sadly, XDA users of today are completely unaware of what the "free" in "Freedom of linux" means. Gratis != libre. The freedom that linux brings to the masses is not as in free beer but free speech.
You all need to check your self-entitlement complex, it's clearly outgrown your sense of morality and logic.
S.D.Richards said:
And thus you would violate the Play Store rules, since it's not allowed to alter or interfere with other apps to keep them from working as intended
Click to expand...
Click to collapse
That applies to other apps that are installed from the Play Store. Last I checked, Lucky Patcher isn't from the Play Store.
Ok guys CALM down. Now I know this is a heated subject it is plain and simple. If you cant buy the app then dont. It doesnt matter what the reason is, Developers have the right to protect themselves and their apps. While I agree it will never be stopped why not make it a huge PITA for it to be cracked?
I agree with the OP. More Developers should add things like this and the LP remover is a great idea. If you dont like it then too bad. Feel free not to use it.
Now Get this thread back on topic and that is idea to help protect their apps.
S.D.Richards said:
I NEVER said it is right, on the contrary, I always take measure as good as possible if someone violates the license of my projects(looking at you bigbad router maker). But what's right/wrong doesn't matter as long as people are doing it anyway and you can't stop it.
Under your US laws drugs are illegal, well in most states, but still people get and take them. You spend billions to fight it and it did nothing except for a few dead people who quickly get replaced. It's the same with piracy, shot down one site, at least two will spawn out of the ashes. It's not right, mostly not even from a moral standpoint, but it's done anyway.
It's a fact of live, unfortunately today, the same as death. One might not like it that a loved one dies, but with current tech, it can't be stopped, so one has to cope with it.
Again, I don't want devs to stop whatever they are trying to achieve with anti-copy stuff, I just want to help them understand that there are more reasons to piracy than just don't wanting to pay. I don't pirate apps, I use free ones or get licenses for free, f.e. in exchange for my translation work. I'm in the lucky situation that I've got the money to spend, but I'm not breaking my own rules for it, either I pay, look for alternatives or if I really need it and can, do it myself. But there are people worse off than me, having money but Google doesn't even offer to buy in their country or having no money at all. Look at f.e. Africa, many people there have practically no money, but they do have smartphones. Why? Because the EU and the US ship outdated models there to help them get educated. If people pirate an app their, it might have significant positive impact on their lives, maybe it helps them get a paid job and maybe they'll thank you in the future by buying your stuff, sending you a picture of their child or whatnot - as long as you don't actively lose money on them because they are using your bandwith, I just don't see where the big problem is - a $/€ for a dev in the western world makes practically no difference, a pirated 1$ dictionary on the other hand can make a huge difference for someone in an evolving country.
Live isn't about money, even if advertisers want to sell you that huge car. It's about surviving and taking care of others and that doesn't mean just the one close to you. The world is so big and the possibilities are endless, with a small chance, some kid from India could pirate your app, educate himself using it and in the future become the single doctor who can cure your kids cancer or whatnot. Isn't that a picture worth thinking about? The chances are slim, but it's possible.
Click to expand...
Click to collapse
The issue that I have with your 3rd world possibility, is that there are many apps made for free by volunteers to assist in the aid of the less fortunate memebers of deprived communities/countries. These unforunate people aren't in a position to have internet access, so these second-hand devices are given, pre-loaded with educational software. They don't have access to the PlayStore, or any other site that would even give them the possibility of piracy.
While the message behind your post may pull on the heart-strings of others, it is a flawed story that is full of holes. While life isn't about money, someone expecting to receive out, what they put in, isn't an outlandish standard.
zelendel said:
Ok guys CALM down. Now I know this is a heated subject it is plain and simple. If you cant buy the app then dont. It doesnt matter what the reason is, Developers have the right to protect themselves and their apps. While I agree it will never be stopped why not make it a huge PITA for it to be cracked?
I agree with the OP. More Developers should add things like this and the LP remover is a great idea. If you dont like it then too bad. Feel free not to use it.
Now Get this thread back on topic and that is idea to help protect their apps.
Click to expand...
Click to collapse
Sorry, I was typing when you posted. Back on topic...protect your apps the best you can, but expect someone to make it free, because that's life.
Checking app's integrity can make two in one, check if it got corrupted in anyway, check if it was patched.
A popup can then, in case of failled check, tell that app is corrupted because it failled integrity check (even if it was not corrupted and just patched, integrity point of view, it's corrupted)
This check should happen at startup and a second time somewhere else to make it look "random", this way it will be more annoying for the cracker to disable this integrity check.
Please keep in mind you'll have to redo checks on your side for each updates.
Another solution may be to require direct account auth, and have a backend server to check if user's account correspond a buyer's mail. This method should not be used with an app not supposed to use internet (because it will be really annoying for the user if trying to use it without a data plan)
Please note i don't know if you get all users mails or only when they refund, may not be applicable, just an idea.
Hope it helps anyone.
Regards
Moderation was made with a chainsaw
About anti piracy techniques, one of the most effective thing as stated before in this thread is not to kill the app at start and put big messages.
Those are easy to spot and remove.
95% of the hackers that will allow mass distribution of your app won't be users of your app, they just fill requests for the fame.
So adding random checks at places that only real users will trigger is the easy way to go.
You can still let some honeypot easy to track for those, so they think they have cracked the app.
Currently my app is tell to be cracked and spread a lot to internet at each of my release.
But the app is not really cracked it does all the free version support, leading to more installs of a functional app leading users to love your app and then buy it if they can, others would in fact never buy an app so are not good users.
This also brings a lots of publicity, since each time the "hackers" post your app there's a full description with links to PlayStore and your website if you have one.
Piracy is not bad it's free ads
Simple checks on crc and signature are obvious to defeat, don't use them as a boolean test but use those values to calculate other one that are useful elsewhere (Easier to do with signature that don't change, crc needs implementing a custom ant build and tools )
Just my own opinion guys, dont you think the user would delete our app instead of removing lucky patcher or freedom?
Also what if he has replaced his market/play store with the cracked version one?
coolbud012 said:
Just my own opinion guys, dont you think the user would delete our app instead of removing lucky patcher or freedom?
Also what if he has replaced his market/play store with the cracked version one?
Click to expand...
Click to collapse
I believe Google now protect from the cracked play store on its servers, and if they do, that's their choice. You'd make no money either way
Quinny899 said:
I believe Google now protect from the cracked play store on its servers, and if they do, that's their choice. You'd make no money either way
Click to expand...
Click to collapse
Cracked Play Store is still working...Beside play store what about the other things which I mentioned.
I believe a pirating user will more likely delete a not working app and look for an alternative then remove LP. Reason is simple, there are usually more app alternatives than to LP. In theory, this behaviour could be a bad thing, if he's one of the try-before-buy people and ends up buying an alternative from another dev.
As far as random checks based on user input or after some time goes, at least for the former there are automated solutions which hit every button, enter all kinds of data in fields, etc. Basically fuzzy vulnerability search tweaked for user input. So if you want to use that, you've got to think long and hard to not scare of legitamte customers.
Self checks are hard to implement in a strong and resistent way, plus your rating can go from 5 to 1 if you ever forget to do it, so you better make sure to add it to your buildsystem.
If an hacker have time to build an automated test solution for the app to validate that every action result in the correct result then :
- This is the best hacker in the world so nothing will stop him
- He does much more than even me can do on my apps and I'd gladly ask for his test solution
And Yatse is still 5 stars so when things are correctly done hackers makes ads for you and users are happy and buy your app
Tolriq said:
If an hacker have time to build an automated test solution for the app to validate that every action result in the correct result then :
- This is the best hacker in the world so nothing will stop him
- He does much more than even me can do on my apps and I'd gladly ask for his test solution
And Yatse is still 5 stars so when things are correctly done hackers makes ads for you and users are happy and buy your app
Click to expand...
Click to collapse
These solutions already exist, at least for normal PC-software. Don't know if anyone ported this to android, but it would be trivial. Of course, mostly this stuff is used for legitimate tests of software, but there's no reason to use it against some checks. Android software is usually pretty easy to decompile or otherwise reverse engineer, so it's rather easy to plug stuff in.
If it makes sense to use something like that against a $1 app is another question, but with today's hardware it's also no effort to check multiple apps in different vms at the same time.
So you really are the kind of guys that always want to be right and have the last word to get this thread purged again ? (Please don't answer to this)
Test units exist for a long time and will for life But do you have any idea of the time needed to write those tests ?
Fully automated tests don't exist since you have to provide them with the waited result, a test that check that something happens on a button click is irrelevant in our case since this is exactly the trick, the result will not be the same but the action will work....
Like returning only half of the results on a query ?
Of course if you make a poor fart app with only one button there's nothing to be done (apart stop doing such apps ).
Using code coverage tools would be more efficient for the hackers and would work better .....
So as all have already agreed there's nothing you can do against someone that really want to hack an app on Android, you can only do (and it's recommended) some basics things not too hard to implement but still making the work for basic hackers (like all script kiddies) too long to worth it.
And doing those checks out of the non real user path will always finish to a poorly cracked application that will spread making you ads and giving you more users, and even if after a real correct cracked version goes out, it's already too late, the first one was spread and is referenced everywhere users will have more chance to find the bad one and became legit users.
zelendel said:
Ok guys CALM down. Now I know this is a heated subject it is plain and simple. If you cant buy the app then dont. It doesnt matter what the reason is, Developers have the right to protect themselves and their apps. While I agree it will never be stopped why not make it a huge PITA for it to be cracked?
Click to expand...
Click to collapse
There is no argument that developers have the right to protect their work. But there are plenty of reasons to not spend time and effort on developing and testing anti-piracy solutions that will inevitably be cracked. The question really boils down to cost versus benefit. How much money are you really losing, and how valuable is your time? For some developers, investing in novel anti-piracy solutions is worth it. For others, it's time that could be better spent improving their app.
I agree with the OP. More Developers should add things like this and the LP remover is a great idea. If you dont like it then too bad. Feel free not to use it.
Click to expand...
Click to collapse
That is just one man's opinion. I personally don't think it's a great idea. The fact is, it's up to the individual developer to make that choice.
Now Get this thread back on topic and that is idea to help protect their apps.
Click to expand...
Click to collapse
Deciding not to invest too much effort in protecting your app is ABSOLUTELY on topic, because it's another alternative. Many of the comments made in the discussion of this post (found here: http://www.xda-developers.com/android/preventing-app-piracy-join-the-discussion/) reiterate exactly what I said. I can only assume that my original response in this thread was removed for having a different opinion, which leads me to wonder what other legitimate comments have been censored because a moderator has a personal disagreement.
Related
Just a general warning to those who seek out APK's on the internet.
I've noticed an increasing number of people posting APK links on XDA-developers using 3rd party hosting such as multi-upload instead of the official developers websites. This is a potential security risk to your own phone, because Android code CAN be decompiled, and dodgy code can be added before re-uploading. You at a greater risk of downloading compromised APK's if you download them from an untrusted party.
Many of these APK's seem to be hosted officially by the developers already, so please link directly to the developers OWN servers when possible, and those who use their phone for business or store sensitive data on it, should avoid using APK's from sources which weren't set up by the original developers.
andrewluecke said:
Just a general warning to those who seek out APK's on the internet.
I've noticed an increasing number of people posting APK links on XDA-developers using 3rd party hosting such as multi-upload instead of the official developers websites. This is a potential security risk to your own phone, because Android code CAN be decompiled, and dodgy code can be added before re-uploading. You at a greater risk of downloading compromised APK's if you download them from an untrusted party.
Many of these APK's seem to be hosted officially by the developers already, so please link directly to the developers OWN servers when possible, and those who use their phone for business or store sensitive data on it, should avoid using APK's from sources which weren't set up by the original developers.
Click to expand...
Click to collapse
First off: Who's to say the original developer can't put this so-called "dodgy code" in their own apks?
Secondly: The Android marketplace doesn't have any strict rules as to what someone can post, and the code isn't even checked. You have just as high a chance of getting this "dodgy code" from any app you download straight from the market.
Nobody. But it is a hell of a lot safer from a trusted first party, than being passed down a chain of untrusted people before it makes it's way to you. Especially since apk's don't seem to be digitally signed (I may be wrong).
I'm just concerned that you can post any APK you want here which have an official website, insert a trojan, and nobody would be none the wiser. I'd simply like to see a change in attitude.. If someone posts an unofficial link to an APK which is already available by developers, I'd like to see people stand up and point to the OFFICIAL website.
At the moment, people are actually ENCOURAGING bad security practices, and doing so makes XDA a target ripe for future attack. And I don't want to wake up to a forum of people *****ing about Samsung, for a problem caused because of a trojaned copy of Angry birds beta on XDA.
We should build awareness now for people to get files from the last link in the chain, rather than wait for someone to try it (which they probably will, and may have already done)
andrewluecke said:
Nobody. But it is a hell of a lot safer from a trusted first party, than being passed down a chain of untrusted people before it makes it's way to you. Especially since apk's don't seem to be digitally signed (I may be wrong).
I'm just concerned that you can post any APK you want here which have an official website, insert a trojan, and nobody would be none the wiser. I'd simply like to see a change in attitude.. If someone posts an unofficial link to an APK which is already available by developers, I'd like to see people stand up and point to the OFFICIAL website.
At the moment, people are actually ENCOURAGING bad security practices, and doing so makes XDA a target ripe for future attack. And I don't want to wake up to a forum of people *****ing about Samsung, for a problem caused because of a trojaned copy of Angry birds beta on XDA.
We should build awareness now for people to get files from the last link in the chain, rather than wait for someone to try it (which they probably will, and may have already done)
Click to expand...
Click to collapse
Are you familiar with modifying an APK? It is not nearly as easy as you make it seem. If the developer doesn't release the source code, it can't easily be functionally modified minus a few graphics and the like. Not to mention, this is how the iPhone jailbreak system works in regards to getting content. And has been going on with PC for years.
I really do not think it's something we have to worry about. Just install an anti-virus on your phone if you're worried.
1) Grab 7zip to decompress your apk package.
2) And yep, there are tools to decompile dex files too. Technically it seems to be more like disassembly, but can probably easily be modified to cause the app to ring russian phone sex numbers every 10 minutes without your consent, or do other nasty things. There are some security mechanisms in place, but that doesn't make them invincible.
You tell me, what is the advantage of encouraging reposting of APK's with already existing websites? Because it doesn't seem to have any advantages, but can have BAD security implications.
Good thing to raise awareness among users, but alas - most of them don't even bother to read the permissions requested by apps downloaded from the market.
There are actually quite few people that have an idea of what could happen if they had a rouge app on their phones. I recently tried to give a similar general warning in another forum that people should take care when flashing "beta" firmwares downloaded from some hosting site and not from the developer... You think most of them cared? Sadly they didn't...
There's nothing wrong with being a bit cautious and smart about the way we do things. I'll trust the app if I see the dev is in "the" community.
Sent from my GT-I9000M using XDA App
andrewluecke said:
1) Grab 7zip to decompress your apk package.
2) And yep, there are tools to decompile dex files too. Technically it seems to be more like disassembly, but can probably easily be modified to cause the app to ring russian phone sex numbers every 10 minutes without your consent, or do other nasty things. There are some security mechanisms in place, but that doesn't make them invincible.
You tell me, what is the advantage of encouraging reposting of APK's with already existing websites? Because it doesn't seem to have any advantages, but can have BAD security implications.
Click to expand...
Click to collapse
So, obviously you've never tried to actually edit one of those XML files within it. try that and get back to me.
APK's are not open source and cannot be decompiled and edited. The only way for what you are suggesting can happen, to happen, is if the APK in question had its sources released so someone else could release an edited version of the program, made from scratch, in java.
"can probably" is not very sure. The chances of someone posting a completely separate app with the name of a well known app is much more likely than someone editing an existing app (assuming the sources were available).
If you have no clue about android apk development why even bother arguing?
opensourcefan said:
There's nothing wrong with being a bit cautious and smart about the way we do things. I'll trust the app if I see the dev is in "the" community.
Sent from my GT-I9000M using XDA App
Click to expand...
Click to collapse
Agree 100%. Much better said! You don't know who's releasing what, so watch what you're installing and just make sure it looks like the program you were looking for in the first place..
Electroz said:
So, obviously you've never tried to actually edit one of those XML files within it. try that and get back to me.
Click to expand...
Click to collapse
Refer to apktool Link
Or Apk Manager (My Signature)
Xml's can be 100% decompiled/recompiled from binary to human readable and back thanks to apktool.
2 options to make sure ur safe :
1. Dont install root applications (they require 0 upfront standard android api permissions hence u won't know what its doing behind the scenes)
2. Install apps by transferring them to ur phone and using the package manager, that way you can see standard permissions (if any) and judge accordingly.
You know what would be cool, if superuser could log the "su" commands a root requiring app executes
Daneshm90 said:
Refer to apktool Link
Or Apk Manager (My Signature)
Xml's can be 100% decompiled/recompiled from binary to human readable and back thanks to apktool.
Click to expand...
Click to collapse
Wow, my bad.... But no wonder major game companies aren't developing for the platform yet.
But even if the apk that u downloaded from the net have a virus (eg. sends SMS to get money), you will still see the permission when installing so an antivirus isnt needed, or am i wrong?
leoon said:
But even if the apk that u downloaded from the net have a virus (eg. sends SMS to get money), you will still see the permission when installing so an antivirus isnt needed, or am i wrong?
Click to expand...
Click to collapse
If its a non-root requiring app then yes, it must disclose its permissions prior to installing it through package manager not if u use adb to install.
You just have to judge, if a wifi toggle app is asking for email/sms permissions, you might want to be careful
As for root-requiring apps, theres not much you can do other than read reviews for that app or decompile and try to understand what its doing behind the scenes.
Electroz said:
Wow, my bad.... But no wonder major game companies aren't developing for the platform yet.
Click to expand...
Click to collapse
It's quite easy to modify disassembled app code as well - trust me ;-) Also I think we will have possibility to decompile to Java code in the future.
Just don't think of your phone as a smaller PC (especially Windows), because this isn't true. There will never be antiviruses for Android and your only protection are permissions. Anyone could create market account and upload malicious app.
About game companies: they usually write in native code and it's really hard to decompile (or maybe even impossible for now). Besides... did you heard about gameloft's recent games? They're really awesome. Note that first 3d-gaming capable Android phones were released just ~10 months ago, so it's still quite early.
leoon said:
But even if the apk that u downloaded from the net have a virus (eg. sends SMS to get money), you will still see the permission when installing so an antivirus isnt needed, or am i wrong?
Click to expand...
Click to collapse
It should, however, what if it is an alternate launcher, in which case, you'd expect it to be able to send SMS's and make phone calls. That's all fine, until you realise the copy of launcherPro you downloaded using a multi-upload in XDA is having phone sex with a russian operator costing you hundreds of dollars.
It's actually good Brut spoke here. Brut[Maps] is relevant, because it introduces new features which distinguishes it from Google's version. However, can we trust Brut as much as we can trust Google? He seems trustworthy yes, but as trustworthy as Google? Questionable. (Btw Brut, good work on your mod). Of course, his mod does have considerable benefits showing he is interested in helping the community and he hasn't caused any problems thus far. That only means his official multi-upload posts are safe though, if I repost them elsewhere, you shouldn't trust my copies.
It's common sense that programs should pass by as few hands as possible to remain secure. We need to build awareness about security practices (particularly for business users who may compromise their companies security or information). I'm not saying all rom's are safe.. Think about it though, if an APK is already readily accessible, why would someone go through the effort of re-uploading it?
Furthermore, we should encourage people using their phone's for important purposes to use the official Kies releases, not random firmware's available from Samfirmware's (which may not even be final versions).
Remember, trojans are common in the warez world, and it's better to change the attitude of the community before they become a problem here too (otherwise, people will be stuck in a poor mindset that compromises herd immunity). XDA is a website targeted at the technical crowd, and we should set a good example.
@Electroz. Haven't disassembled them myself, but checked a tutorial. But someone has responded already anyway.. Just because I don't have experience doing it myself anyway, doesn't mean it isn't widely known to be possible.
Several big guys already launched Antivirus For Android
Norton, Trend, and a few more
i think we are pretty safe with those
however... it's suck if they run in the background all the time eating the juice+cpu power away
Anti-virus only helps for known trojans anyway, and since so few people have it installed, it doesn't help much. When Android has it built in though, it may be more useful.
Anti-virus should be considered a last line of defense anyway. And either way, I'm not concerned, because I try to minimise the risks of my own sgs. However, it's a concern that people here don't believe such a risk exists, and are actually encouraging a global attitude which might make the Android population ripe for social engineering attacks in the future.
@andrewluecke
I understand you, I don't say there is no problem with security. I say it doesn't matter you will get malicious software from mirror or Market itself. We could assume apps downloaded from WWW are more dangerous, but this problem is general one: people should be cautious whenever they install something with critical permissions. If they won't they will have problems anyway - it's just a matter of time.
I agree with you: it's important to aware people of that problem. This is actually only one thing we can do: be aware and cautious.
Ahh and in many situations it's possible to protect yourself against problem with redistribution. First, you could check md5 - many developers give it to people, I do. Second: signatures. Each app is signed by its author, so you could check its authenticity. You could check signatures of downloaded apk using public key uploaded by dev to his WWW or using "safe" apk you downloaded earlier. Unfortunately there are no tools to do that easily :-/ Also Android does this check automatically when you install new software. So if you have installed e.g. GM modded by me, then you have downloaded new version from some mirror and succeed at installing it, you can be sure it was also from me and nobody modified it.
AllGamer said:
Several big guys already launched Antivirus For Android
Norton, Trend, and a few more
Click to expand...
Click to collapse
Hmm? I think it's impossible, cause apps can't get to data and resources of others apps. And creating an app for root users only wouldn't have much sense.
I have found Norton Smartphone Security for Android and it's anti-theft protection, not anti-virus.
I'm not a coder and came from IT field so I have lots of general questions about apk security and found this thread...great discussion. TY
Just a general question about apk security...how easy is it to alter apk for malicious intent? And is it possible for spyware writers to turn some freebie apk or rom into a bunch of botnet drone? ...just kinda scary to imagine
the news about android virus gets me nervous about installing any apk released from any individual
http://www.talkandroid.com/24949-new-android-trojan-virus-discovered-dubbed-gemini/
kobesabi said:
how easy is it to alter apk for malicious intent?
Click to expand...
Click to collapse
Quite easy for a good developer.
kobesabi said:
And is it possible for spyware writers to turn some freebie apk or rom into a bunch of botnet drone?
Click to expand...
Click to collapse
Yes, but I think that would be quickly noticed by people and then these apks, roms and developers would be banned from every forum in the internet.
Brut.all said:
Quite easy for a good developer.
Yes, but I think that would be quickly noticed by people and then these apks, roms and developers would be banned from every forum in the internet.
Click to expand...
Click to collapse
Wow, scary. Unless there is something else, that they can't get away, I don't think banning would deter much, they just laugh at the weak security as a fun challenge. If they already got tons of ip under their control...banning by account, ip, or email will not help much...they can always get new ones.
Is there a way user can authenticate/verify apk signing from authentic author/writer? Many just post apk but did not post md5 or sha sum so how can a user find out if it is original or not?
Anyway to test these apk without loading up to real phone?
Read this link. Read it carefully. It's not just about Google being able to run whatever code they like on your devices, it's about Google DOING it, remotely, without any user intervention/confirmation.
What's next ? Let me throw some wild and far fetched guesses...
* Applanet like apps being killed off on the devices to fight piracy...
* Anything not from the market being wiped out from time to time, for the same reason...
* Users are hunted down and being prosecuted for piracy based on their devices content...
* The system is rigged/updated to block inappropriate content, such as pedophile sites...
* Users are being prosecuted for possessing and/or visiting inappropriate content/providers...
* The "inappropriate" extends to warez sites and regular porn sites, "bad" users are still prosecuted...
* The "inappropriate" extend to the "wrong" political sites, "bad" users are still prosecuted...
* .......
I bet you get the idea. And yea, i know i am taking it too far, but still
PS: Let me add something... the builds we are running on our HD2 are often partially illegal (gaps) etc... hint hint
maybe a little paranoid, ok, well maybe a lot
InfX said:
* The system is rigged/updated to block inappropriate content, such as pedophile sites...
Click to expand...
Click to collapse
not sure why you mentioned this, anyone in their right mind would welcome this particular point.
kam333 said:
maybe a little paranoid, ok, well maybe a lot
Click to expand...
Click to collapse
A lot, exaggerated to the max, of course. But that doesn't turn what Google does right.
kam333 said:
not sure why you mentioned this, anyone in their right mind would welcome this particular point.
Click to expand...
Click to collapse
Thats EXACTLY why i mentioned it.
InfX said:
A lot, exaggerated to the max, of course. But that doesn't turn what Google does right.
Thats EXACTLY why i mentioned it.
Click to expand...
Click to collapse
personally, i think google already knows tooooo much about its users, but in the case of malware, google is definitely the lesser of the 2 evils
let me ask you this, would you rather the big G have some remote access to your device or hackers collecting your personal info. Its the connected world, there's no turning back!!!
only real solution for anyone worried about companies interfering with their device... remove the sim card... for ever.
gnight & dont have nightmares
kam333 said:
would you rather the big G have some remote access to your device or hackers collecting your personal info.
Click to expand...
Click to collapse
Guess what... neither of those
Also, there are terrorists under the bed,chemtrails in the sky, bromine in the water,drug dealers at the school gates, drunks on fones in cars, bondage freaks at work,human traffickers, religious zealots bent coppers paedo nursery workers racists fanatics and plain clothes Google operatives spreading FUD in forums cos its cheaper and gets more results than million pound lawsuits. Oh and bloody clowns.
Just a random outpouring,please continue.
Infx may sound paranoid, and no person of any kind of moral decency would condone anbody using pedophelia porn or any other form of content that causes any kind of harm to anyone. But those are matters for the authorities to deal with, not google. If the internet's morality policies were enforced by a huge internet based company, wouldn't that be considered some kind of a conflict of interests somehow? I mean imagine if Disney were the biggest internet company, we'd never see so much as a single cuss-word or titty. Big companies shouldn't be able to impose their own commercialized morals upon users, the internet will inevitably grow more and more watered down. I don't consider myself a paranoid person, but this type of issue stinks of denial of 1st amendment rights, one step closer to completely government/corporate filtered news-tainment, and corporate control of the masses.
Huggs, i totally agree, thata why i posted this, not because i am actualluly that paranoid (would i still use Internet if i was ?). What i tried to do in my post is to demonstrate a worst case scenario, how would google start with somethimg that should be totally accepted by everyone (fighting pedophily) yet slowly move to fighting things we no longer want it to fight (political opinions).
PS: This little remote control thing is the first step for a corporate giant to become a corporate government, a corporate dictator. And the onlu things corporations care for is money, not their users.
PPS: Just my personal opinion, feel free to disagree.
I like that idea: http://code.google.com/p/open-android-alliance/
InfX said:
Guess what... neither of those
Click to expand...
Click to collapse
you really dont have a great deal of options
android, rim, ios & wp7 all have the ability to "spy" on their users to some degree,
mostly its just basic info such as: gps location, installed apps & how often they're used, crash logs, etc
some apps on ios have been caught out sending even more personal data. The point is, whilst i dont disagree fully with your concerns, i do see your post as somewhat hysterical.
There was no suggestion in the article you linked (or any other that ive read) that google is planning any of things you mentioned, so why mention them, as doing so only makes you a part of the current media trend of FUD as samsamuel put it.
this isnt about deny that all companies are in it 1st for the £$€, then customer welfare further down the list, im talking about being realistic. at this moment in time i cannot see google taking the path that you suggested, i also have far more immediate and real life things to focus on.
im all for a good conspiracy theory, fema detention camps springing up all over the usa (REX 84), the western so called "powers" planting the seeds of unrest in africa & the middle east so they can insert more puppets to secure natural resources (be it oil, gold, diamonds...), i could go on, but this isnt the place.
so let bring it back to google, you are in denial if you think cyber crime isnt going on, and with the rise of the smartphones we will see a rise of cyber crims trying to gain access. so i ask again who would you rather have access to your device?
if you still think or say neither, il know for sure you have lost the plot or you have taken my advice & binned your sim card cause thats the only other option you have.
@huggs, normally your post are quite informative & rational, that last post wasnt imho
no one was talking about censorship, the 1 point about google blocking access to child porn is something i would vote for, this has nothing to do with internet policing, you say thats down to the authorities, but they are not all seeing (no yet anyway) hence the use of informants by law enforcement the world wide, n thats all i would support. yes its possible that you give them a small mandate they will take it further but il worry about that IF the signs arise.
ppl who get there kick this way should have no rights, & should be actively hunted by whatever methods are available & taken out of the general population.
P.S.
Man i would love to have such a care free life that i need to start imagining then stressing about what may or may not happen, but i dont, my concerns are here & now, What you are talking about ISNT.
sorry for the lengthy post but your suggestions/posts are a subtle form of propaganda and a 1 line response really wouldn't cut it.
all the best
Kam
I say if we are doing something wrong and get caught that's our own fault.
How is it illegal? Isn't android open license ie freeware?
Sent from my HTC HD2 using XDA App
@kam333, i may be way less paranoid than you may think, mind the fact i've posted this as a VERY far-fetched and unrealistic speculation that only got slim to nil chance of actually happening, but it does demonstrate a possibility of undoubtedly good things becoming a base to slowly advance into nasty control-it-all direction. And, yea, your suggestion about binning the SIM card won't work. I still got WiFi
@dung8604, search the net about why Cyanogen mod no longer includes Google apps.
Well, I'm running a cooked rom without a Google account set up. So I can cross that off of the paranoid list.
I can't say I'm surprised by anything written in the article.
Did a quick search and from what i can tell, only Google apps are proprietary. Nothing about the OS itself though
Sent from my HTC HD2 using XDA App
So, guys..
I was going through some blogs, which stated that there are so many malicious apps in android market. Recently, Avast, which has launched an app in market, reported to google about some malicious apps.
Here is the article:-
https://blog.avast.com/2011/12/13/android-malware-in-the-open-marketplace/
So, what i was thinking is that do we really need an Antivirus app, to protect our android phone??
Using an antivirus app will mean that, it will consume RAM continuously, and so will consume battery too.
I am starting this thread, so that we can discuss, here ,if we really need it.
So, share your views, experiences with any malicious app in the market place, and also suggestions about which antivirus app should we use, if this kind of thing exists in android.
Of course you do, i use Lookout Mobile Security and it has caught a few trojans which were potenially harmful to my phone, not too many but it did quarantine a few since ive had it.
Basically anyone who doesn't have any type of protection on their dog and bone is taking a big chance.
The answer is NO.
I've posted an article from tech2.com in Indian thread where someone from Google said it while talking about Trozan AV apps.
ithehappy said:
The answer is NO.
I've posted an article from tech2.com in Indian thread where someone from Google said it while talking about Trozan AV apps.
Click to expand...
Click to collapse
Did u read the link i posted?
It really shows the possibility of some malicious apps, co-existing in Android Market. Don't we need to be protected?
ithehappy said:
The answer is NO.
I've posted an article from tech2.com in Indian thread where someone from Google said it while talking about Trozan AV apps.
Click to expand...
Click to collapse
Well if you ever get a trojan on your SGSII don't come crying on here, ever heard of better be safe than sorry!!
jonny68 said:
Well if you ever get a trojan on your SGSII don't come crying on here, ever heard of better be safe than sorry!!
Click to expand...
Click to collapse
Thats what i am trying here "Better be safe than sorry"
Well you should've created this thread without the 'Do' and '?'. Everyone is entitled to his/her own opinion. You didn't like my post IGNORE it, don't quote me and advice me what I need to do. A '?' thread should only be created where everyone can share his/her opinion and then it's up to the Thread starter what he/she will take from all the answers.
Anyway, keep using what you are using.
@jonny68- Have you seen such a thread like that in this 8 + months?
This is what Chris Dibona, Google's Open Source Program Manager said,
Chris DiBona, Google's open-source programs manager stated in a blog post, “No major cell phone has a 'virus' problem in the traditional sense that Windows and some Mac machines have seen. Virus companies are playing on your fears to try to sell you bulls***protection software for Android.”
Click to expand...
Click to collapse
Source:
http://tech2.in.com/news/android/go...-antivirus-apps-in-android-marketplace/260952
Sorry I had to BOLD the line for you guys, it's a shame to modify some other comments.
Another thing, if someone even said that Antiviruses are needed for Android I would never use it.
The story is exactly the opposite when I use my Desktop PC fyi.
Regards.
ithehappy said:
Well you should've created this thread without the 'Do' and '?'. Everyone is entitled to his/her own opinion. You didn't like my post IGNORE it, don't quote me and advice me what I need to do. A '?' thread should only be created where everyone can share his/her opinion and then it's up to the Thread starter what he/she will take from all the answers.
Anyway, keep using what you are using.
@jonny68- Have you seen such a thread like that in this 8 + months?
This is what Chris Dibona, Google's Open Source Program Manager said,
Source:
http://tech2.in.com/news/android/go...-antivirus-apps-in-android-marketplace/260952
Sorry I had to BOLD the line for you guys, it's a shame to modify some other comments.
Another thing, if someone even said that Antiviruses are needed for Android I would never use it.
The story is exactly the opposite when I use my Desktop PC fyi.
Regards.
Click to expand...
Click to collapse
You forgot the rest of this story:
"Honestly, anti-virus software are not needed on mobiles, just as long as you don’t download random apps you should be just fine" ...
Most people in here download and install tons of apps, modifications and tweeaks on rooted phones ... LOL
Why not just instal a free one?
Better safe than sorry...
Send from my GT-I(OVER-9000) using XDA App.
ithehappy said:
Well you should've created this thread without the 'Do' and '?'. Everyone is entitled to his/her own opinion. You didn't like my post IGNORE it, don't quote me and advice me what I need to do. A '?' thread should only be created where everyone can share his/her opinion and then it's up to the Thread starter what he/she will take from all the answers.
Anyway, keep using what you are using.
@jonny68- Have you seen such a thread like that in this 8 + months?
This is what Chris Dibona, Google's Open Source Program Manager said,
Source:
http://tech2.in.com/news/android/go...-antivirus-apps-in-android-marketplace/260952
Sorry I had to BOLD the line for you guys, it's a shame to modify some other comments.
Another thing, if someone even said that Antiviruses are needed for Android I would never use it.
The story is exactly the opposite when I use my Desktop PC fyi.
Regards.
Click to expand...
Click to collapse
M sorry, if it hurted u.
Everyone has absolute right to express their views.Be it wrong or right.
Sent from my GT-I9100 using XDA App
Well Google are hardly gonna freely admit the fact that there are some rogue apps in the Android Market which contain trojans as this will put off many people (not just talking anti-virus here), the simple facts are despite the nonsense by Chris DeBona or whoever is the fact that you are taking a calculated rick by not having some type of protection on your phone, this is even more so if you do happen to download apps from other sources but even in the Android Market you can never be totally sure, Lookout Mobile Security is totally and utterly 100% legit and used by many thousands of people and business' alike,clearly there are some rogue apps masquerading as anti-virus apps but also others too.
Smartphones are like pc's now. What you can do with your computer your smartphone does it for you on the go. You have so many apps you browse over the net even if you are using the wireless one from home say for example anything can come through..Say if you are downloading a rom or a leak you never know what might be in them...As the OP and Jonny said above.."always be safe than sorry" that is how i see things
http://androidship.com/2011/05/29/the-android-anti-virus-epidemic/
Read that.
If you plan on downloading apps without looking at who makes them or looking at any reviews, then yes, there's a chance you can get an app that causes issues.
And that applies for ALL os's. How many apple laptop/desktop users run an antivirus? Android is built on the same type of platform, unix.
That doesn't mean an 'antivirus' app will do anything special. It uninstalls apps the same way you do under manage applications.
Sent from my páhhōniē
I all true sense you need to have read the permission that the applications needs when you install a app. If your are lazy enough to not do that have application like LBE security installed to monitor what each applications is up to ... i believe rather then a antivirus a good app fire wall is needed.
You probably don't need one, just as any power Windows user doesn't. That said you'd be crazy to not have one in Windows. Difference being a desktop has a tremendous amount of resources and allocating some to an antivirus program is no big deal. Not so on a phone. Plus there's the consideration of battery impact.
In a nutshell I'd say you'd be just fine without one.
I feel much the same way about antiviruses on Android as I do about hand-holding paid antivirus programs on Windows. If you know what you're doing, you don't need them at all. On the other hand, if you're going to download hundreds of dodgy applications at random and pay no attention to reviews/permissions/odd behaviour, then more fool you, get an antivirus app.
LBE privacy guard is a different story, since it performs a rather different function, and allows you to enjoy apps like Facebook without giving them access to the likes of text messages and phone ID.
You guys know Samsung have their own lightweight security suite in Samsung apps, yeah?
Sent from my GT-I9100 using xda premium
ithehappy said:
Well you should've created this thread without the 'Do' and '?'. Everyone is entitled to his/her own opinion. You didn't like my post IGNORE it, don't quote me and advice me what I need to do. A '?' thread should only be created where everyone can share his/her opinion and then it's up to the Thread starter what he/she will take from all the answers.
Anyway, keep using what you are using.
@jonny68- Have you seen such a thread like that in this 8 + months?
This is what Chris Dibona, Google's Open Source Program Manager said,
Source:
http://tech2.in.com/news/android/go...-antivirus-apps-in-android-marketplace/260952
Sorry I had to BOLD the line for you guys, it's a shame to modify some other comments.
Another thing, if someone even said that Antiviruses are needed for Android I would never use it.
The story is exactly the opposite when I use my Desktop PC fyi.
Regards.
Click to expand...
Click to collapse
I totally agree, like task killers and power managers, useless...
I hate the kind of pseudo-logic that is thrown around in these discussions, which paraphrase to look something like this...
LogicLord221 said:
<insert random bull**** about why their point is valid> there's a million million trojans out there and platform x is so insecure, I read this and this which says we're all in danger!
Click to expand...
Click to collapse
Basically, the point people are trying to make is that danger lurks everywhere, and you need to protect yourself, or you'll be sorry later. Scare tactics at best.
While I am an advocate for protection by prevention, that doesn't automatically lead to the conclusion that you need antivirus software for your device! It's that kind of bull**** logic that annoys the **** out of me. To quote the Oxford English Dictionary:
"Prevention"
Pronunciation: /prɪˈvɛnʃn/
noun
[mass noun]
The action of stopping something from happening or arising.
Phrases:
Prevention is better than cure.
Click to expand...
Click to collapse
Do you see the problem here? It doesn't say "The action of installing an antivirus", it says to stop something from happening. There are many ways to go about preventing infection of your device:
1) Check what you're downloading comes from either a) a reputable source, b) is backed by a reputable source, or c) is backed by numerous (>50-100) positive comments, reviews, etc. This means, don't download that app that has a bunch of one-star reviews, and has people screaming "TROJAN!" in the comments field.
2) Stick to the Market. While it's true that a lot of the infected content will indeed come from the Market itself, Google do a good job of removing offending apps, so compared to other sources of content (e.g. just downloading the APK from a server), it's a lot safer.
3) Don't pirate ****. This is probably the number-one source of malware on Android. Don't be a cheap dumbass.
4) Stay away from 'questionable' material. This includes, but isn't limited to:
- porn
- pirated content
- file sharing sites
5) Have some common sense! I can't stress this one enough, you can have the most advanced piece of software in the world, but if you're acting like a reckless child, you don't deserve to use the device, and you're bound to find yourself neck-deep in malware. Apart from the above, take some active steps to secure yourself. Change your browser settings to run Flash content on-demand instead of automatically, (if possible) set it to have you manually accept cookies, etc. Perhaps the best use of common sense would be in checking the permissions you allow an app access to when it's installed. Look, if an app that is designed to parse a line of text is requesting full internet access, access to SMS capabilities, etc., it'd be best to leave it alone, don't you think? Moreover, if something's requesting superuser permissions, it'd better have a damn good reason why. Read the permissions, and understand what you're allowing.
...because in the end, that's the hard truth -you're the one allowing access.
If you follow these simple steps, you'll protect yourself from 99% of malware. If you're worried about that 1%, don't be. Android malware hasn't progressed to the point where it's a major threat yet, so even if something does get through, it'll more than likely be nothing too major, and you'll figure out something's up pretty quick anyway. This may not be the case in say 12 months, but for now, it's fine.
If you're really paranoid, keep an app on standby, and run a scan every week or two, but disable any background process it has, it's more of a waste of time anyway. On a final note, keep in mind that it's been shown multiple times that Android antivirus software is, to be blunt, rubbish at detecting even the most common pieces of malware.
Remember, prevention is better than a cure
Im using kasperky mobile security cause i got a 1 year licence from a magazine.. But i never got an alarm until now (1,5 months), so i think atm its not necessary to use it .. Perhaps in some months when there are more viruses out in the web^^
Sent from my GT-I9100 using Tapatalk
screamworks said:
3) Don't pirate ****. This is probably the number-one source of malware on Android. Don't be a cheap dumbass.
Click to expand...
Click to collapse
Most Android apps are of such low quality they don't deserve to be purchased.
Sent from my SGH-I897
Hello,
i want to present you my latest open source library for android:
By using adblocker or activating the airplane mode it is possible to bypass the display of advertisement like admob banners in apps.
Now you can prevent this behaviour by using this library.
Instead of the blocked out admob banners show your banners for own products or products of your partners. The banners are stored within the app and can be displayed instead.
The project is a lib project with a sample project to show you how easy it is to integrate it into your project.
There is a basic implementation and an advanced implementation with callbacks.
It is possible to use banner ads and full screen ads at same time.
https://code.google.com/p/android-alliance-ads
Apps that use this library:
ID Card Scanner (Banner Ads)
My Instructions (Banner Ads)
Levi the Knight (Fullsceen Ads)
Best regards
Droidspirit
First reply,
Have no idea what to write
Just gonna say "Thanks"
Sent from my room mate's computer
Is this lib a wrapper for admob?
Nonta72 said:
First reply,
Have no idea what to write
Just gonna say "Thanks"
Sent from my room mate's computer
Click to expand...
Click to collapse
You know everyone could read this??
You are about to get quite a lot of hate, I know cause I'm starting to hate you.
So what ?
defim said:
You know everyone could read this??
Click to expand...
Click to collapse
I know everyone can read it as well -_-
Sent from my room mate's computer
Curses!!... Oops sorry couldn't control my emotions..
Anyway, like you said this is a lib that will contain ads for offline display, that means this could be really bulky to include in apps?
I think this is good
Not because I like ads but as written many people disable the ads and the developer doesn't earn as he should
Good idea and for sure developers will use it
Yes, the lib is a wrapper for admob.
Anyway, like you said this is a lib that will contain ads for offline display, that means this could be really bulky to include in apps?
Click to expand...
Click to collapse
Your own banners use exactly the same dimensions as the admob banners. The normal user will not notice a difference to the admob banners.
You are about to get quite a lot of hate
Click to expand...
Click to collapse
I hope it. The slogan is: "The scrounger have to pay"
You can test the lib in all my apps.
Thanks for the positive feedback
I just hope that all the developers will add a "pro" version of all apps released with this lib. I would rather pay cash than be annoyed by ads and banners.
Being forced to view ads without the ability to pay (or block!) for them to go away leads to uninstallation in my device. Every time.
I use an adblocker, but in saying that I pay for apps that are useful and solid.
A big decider for me is not only design in function but design in appearance.
The adblocker helps in making my choice to buy an app by removing distractions that are additional to the design and function.....
For me if I can't get a clean first impression then I probably don't want to spend time imagining how the app will work without advertising.
Sent from my Find 5 using Tapatalk
Droidspirit said:
Yes, the lib is a wrapper for admob.
Your own banners use exactly the same dimensions as the admob banners. The normal user will not notice a difference to the admob banners.
I hope it. The slogan is: "The scrounger have to pay"
You can test the lib in all my apps.
Thanks for the positive feedback
Click to expand...
Click to collapse
Just a notice if you patch the ads with offline mode you'll get no ads not even your own ads just a hint
[24th May i'm on vacation. so no work will be done] JAPAN HERE I COME :]
Yes, i know. The offline mode is also just for testing and possibly increases the willingness to buy.
Many users enable the airplane mode while playing games to disable ads. But that no longer works with the library.
I hope most users do not think like me but i really hate the advertised product when it shows up constantly!
How do you earn money with prepackaged ads ? How do you monetize this ?
With own banners you earn no money. but you can promote your other apps. or you show banner on another developer and he in turn for you. So you increase the breadth of your apps.
Good step
I block adds. Not to see no advertising but to protect my privacy.
Users should be able to decide weather the want to be tracked by add companies or not.
I totally understand that some developers don't want to sell the apps but need some money for further development. If the adds are stored locally no tracker will be informed in real time.
Offline ads? Incredibly annoying and will reduce my support of Devs that go this route. Finding innovative ways to antagonize end users is ill considered. It's dismaying when Devs use ads as their primary (or worse, sole) revenue stream. I have absolutely no problem with Devs who have an ad free paid version and an ad supported "free" version. You do deserve to be compensated for your work. But realize that there is a right way and wrong way to go about that.
If your work is interesting enough for me to install, I for one will buy the paid version app. Devs that do not have an ad free alternative should expect a lot of hate. Well deserved hate. There is a lot a good work by Devs to be admired on this site. Please don't make it hard to support your work. Or erode end user loyalty by totally alienating us.
Hey, nice lib! I will have fun figuring out how to block it entirely in all ROMS I release. Hell, maybe I'll make an exposed module too.
As a developer, it's your right to decide how to try and generate revenue from your work.
And, as an end-user, it's my right to not have to look at ugly banner ads. Honestly...how many deliberate clicks have you EVER seen on a banner ad? I can't think of anybody in their right mind who would ever want to click one.
Here's a better idea...instead of helping others to continue to force crap on users...either make the app entirely free, or make one feature-restricted version and one premium version. You know...make us want to pay for more STUFF instead of less CRAP.
But no, really...I will be working out a way to block this ridiculous idea. Thanks.
I don't dev for andro but nice lib. Hope devs would make a good use of this and give a way out of the adds (ads removal in app purchase !)
Congratulations for portal appearance !
Gillion said:
How do you earn money with prepackaged ads ? How do you monetize this ?
Click to expand...
Click to collapse
You can put a banner to buy ccleaner for your computer and use a customized link to get some money on the buy, you can put an ads for a paid app you made yourself ... just an example, there's multiple ways. Imagination is the key.
It was all nice and good but..
Droidspirit said:
Levi the Knight (Fullsceen Ads)
Click to expand...
Click to collapse
Allowing this kind of ads to show with your lib will just make people who don't mind well placed ads (unobtrusive banners, ads in the settings screen) look for a way to disable your lib.
Although there is no (yet) statistics showing the real number to how bad the piracy on Android is, there are reports saying more than 90% of installs on Android were not paid for (Google). There have been lots and lotsa blows exchange between developers and hackers (and for gods sake this is never gonna end). Anti-piracy solutions are being discussed here and there, all the discussions are (eventually) pointing towards server authentication as the only way to counter piracy effectively.
As a developer, I am not excused from all this hack-and-anti-hack things. And (obviously) I have no better solution than anyone else. Here, I am gonna share a small library that I have coded to help scan for pirate apps on the device. This library is really simple, what it does is to grab a list (I called it pirate-app-list) from the internet and scan it through the device to determine whether an offended app is installed on the device.
This project is actually a product from the 1st suggestion in this XDA thread. In the thread, it recommends to search for the pirate apps and force the user to uninstall it. I implemented the former part of the suggestion, while leaving the latter to the developers to decide. The only difference that I have made is to put this static list on the internet instead of hard-coding it to save us the trouble of updating the app for the purpose of updating the list.
This project is by no means a solution to anti-hacking. Rather, its a hope that developers can work together to make sure users stay away from those apps (by forcing/reminding them to uninstall it). I believe those apps will not survive if it does not gain enough active users? Or maybe it does..
This project is open-sourced on GitHub together with the pirate-app-list. Feel free to check it out.
Currently, only "Lucky Patcher" and "Freedom" are listed on the pirate-app-list (with filters). Anybody interested in the project are free to join so we can work on the list and more importantly, the definition of what a pirate app is.
Your feedback is very much appreciated.
Thank you.
reserved
reserved
Lucky patcher is also used for functions that do not concern piracy, such as running two versions of the same app... I think that you can't force or continuosly remind a user to uninstall an app that he needs.
Edit: Also, I think that most of the piracy is based on pirated apk, not apps like LP or Freedom, which only act for IAP. The solution to prevent IAP piracy is server validation, but for pirated APK it's not.
Coraz said:
Lucky patcher is also used for functions that do not concern piracy, such as running two versions of the same app... I think that you can't force or continuosly remind a user to uninstall an app that he needs.
Edit: Also, I think that most of the piracy is based on pirated apk, not apps like LP or Freedom, which only act for IAP. The solution to prevent IAP piracy is server validation, but for pirated APK it's not.
Click to expand...
Click to collapse
Thank you for your reply.
Actually, as I have pointed out in the thread, this project implements only the scanner part, it doesn't act for the developers. Developers have to decide what they want to do with the detected piracy. Its really nice to be able to run 2 versions of the same app on 1 device, I believe ChelpuS should make another app with this feature, or without other features in Lucky Patcher.
I'm sorry, but if an app tells me to uninstall something - I'm uninstalling that app first
DANIEL TAN said:
Although there is no (yet) statistics showing the real number to how bad the piracy on Android is, there are reports saying more than 90% of installs on Android were not paid for (Google). There have been lots and lotsa blows exchange between developers and hackers (and for gods sake this is never gonna end). Anti-piracy solutions are being discussed here and there, all the discussions are (eventually) pointing towards server authentication as the only way to counter piracy effectively.
As a developer, I am not excused from all this hack-and-anti-hack things. And (obviously) I have no better solution than anyone else. Here, I am gonna share a small library that I have coded to help scan for pirate apps on the device. This library is really simple, what it does is to grab a list (I called it pirate-app-list) from the internet and scan it through the device to determine whether an offended app is installed on the device.
This project is actually a product from the 1st suggestion in this XDA thread. In the thread, it recommends to search for the pirate apps and force the user to uninstall it. I implemented the former part of the suggestion, while leaving the latter to the developers to decide. The only difference that I have made is to put this static list on the internet instead of hard-coding it to save us the trouble of updating the app for the purpose of updating the list.
This project is by no means a solution to anti-hacking. Rather, its a hope that developers can work together to make sure users stay away from those apps (by forcing/reminding them to uninstall it). I believe those apps will not survive if it does not gain enough active users? Or maybe it does..
This project is open-sourced on GitHub together with the pirate-app-list. Feel free to check it out.
Currently, only "Lucky Patcher" and "Freedom" are listed on the pirate-app-list (with filters). Anybody interested in the project are free to join so we can work on the list and more importantly, the definition of what a pirate app is.
Your feedback is very much appreciated.
Thank you.
Click to expand...
Click to collapse
Sorry to tell you. But XDA rule number 6 States that you are not allowed to talk about apps like Lucky Patcher and Freedom. I hope the moderators will ignore you for a noob.
Regards,
PoseidonKing
PoseidonKing said:
Sorry to tell you. But XDA rule number 6 States that you are not allowed to talk about apps like Lucky Patcher and Freedom. I hope the moderators will ignore you for a noob.
Regards,
PoseidonKing
Click to expand...
Click to collapse
You are misinformed. We allow threads such as these because they are educational and are about preventative purposes against those applications. I would suggest you actually read what the purpose of this thread is about before telling other users about what the XDA rules say, which incidentally is not your 'job' to do.