简体繁体 English

cordova检测应用程序是否从Google Play下载

[英]cordova detect if app was downloaded from Google Play

原文 2014-12-15 23:36:03 3 3 android/ cordova

I'm making a Cordova 4.0 Android app that will be sold in Google Play, and I would like to prevent illegal use of it (for example preventing someone to extract the APK from the system and re-distributing it). 我正在制作将在Google Play中出售的Cordova 4.0 Android应用程序，并且我想防止对它的非法使用（例如，防止他人从系统中提取APK并重新分发）。

One theoretical way of doing this would be by checking that when the app is launched by the user, he did actually download it from Google Play (versus being it sideloaded). 一种理论上的实现方式是通过检查用户启动该应用程序时，是否确实从Google Play下载了该应用程序（而不是侧加载）。 I'm not even sure if this is possible or if there's an alternate way of doing something like this. 我什至不确定这是否可行，或者是否有另一种类似的方法。

One way that works in other cases is to use require some sort of login when accessing the app, but in this case I can't do that. 在其他情况下有效的一种方法是使用该应用程序时需要某种登录名，但是在这种情况下我无法做到这一点。 Any advice would be appreciated! 任何意见，将不胜感激！

3 个解决方案

Google offers a way to implement validation / licensing: http://developer.android.com/google/play/licensing/index.html Google提供了一种实现验证/许可的方法： http : //developer.android.com/google/play/licensing/index.html

Take a look if this is what you need! 看看这是否是您所需要的！

One suggestion would be for those apps which are get connected to a server to fetch some data. 一个建议是连接到服务器以获取一些数据的那些应用程序。

App verification token 应用验证令牌

Generate an encoded 64-bit long token and store on both device & server as well. 生成编码的64位长令牌，并将其存储在设备和服务器上。 This will be a unique token per app 这将是每个应用程序的唯一令牌

Whenever app tries to connect to server, it sends the device token details. 每当应用程序尝试连接到服务器时，它都会发送设备令牌详细信息。 Server needs to verify it before fulfilling its request. 服务器需要在完成请求之前对其进行验证。

On specific events, server can generate a new token for a device. 在特定事件上，服务器可以为设备生成新令牌。

Same way, device token can be mapped to a user or an app on the server side. 同样，设备令牌可以映射到服务器端的用户或应用程序。

Token could carry some app related information, for instance . 令牌可以包含一些与应用程序相关的信息，例如。

first 4 or 6 digits represent app size 前4或6位数字代表应用大小

second block of digits could represent user specific or device or some other details 第二个数字块可以代表特定于用户或设备或其他一些详细信息

Or another block could hold app contents modification date 或其他区块可能保留应用内容的修改日期

In case of any change, server could verify the app size, last app contents modification dates, etc. 如果有任何更改，服务器可以验证应用程序大小，上次应用程序内容的修改日期等。

Generally it is recommended to uglify, obfuscate and minimize app resources before submission. 通常，建议在提交前丑化，混淆和最小化应用程序资源。

You can use the package manager class to determine the source of an app (only google or amazon currently detected) 您可以使用包管理器类来确定应用程序的来源（仅当前检测到的google或Amazon）

You can similarly use google analytics which gives same information. 您可以类似地使用Google Analytics（分析）来提供相同的信息。

This is pretty neat since Android stores the source of every package, allowing apps to know where they came from, to prevent piracy and sideloading. 这非常好用，因为Android会存储每个程序包的源代码，从而允许应用程序知道它们的来源，以防止盗版和侧面加载。

Great if you always publish to google or amazon. 如果您总是发布到Google或亚马逊，那太好了。 Useless if you sideload your app. 如果您侧重应用程序，则无用。