如何将Android应用程序保护到设备?
[英]How do I secure an Android app to a device?
问题描述
For an industrial application which is installed and shipped on Android devices, I want to secure the app against unauthorized copying to other devices. 
对于在Android设备上安装和运输的工业应用程序,我希望保护该应用程序免遭未经授权的复制到其他设备。 My understanding is that there are numerous applications (some running on Android devices and some on desktop PC's) which can copy apps as APK files and install them on other Android devices. 我的理解是有很多应用程序(一些在Android设备上运行,一些在桌面PC上运行)可以将应用程序复制为APK文件并将其安装在其他Android设备上。 (some of these are marketed as backup software) (其中一些作为备份软件销售)
What is Android's authorization model? 什么是Android的授权模式? Does it depend on having a Google Account or using Android Market? 是否依赖于拥有Google帐户或使用Android电子市场? (these devices don't have a Google Account associated with them, and the industrial environment where they are used usually doesn't have WiFi access). (这些设备没有与之关联的Google帐户,并且使用它们的工业环境通常没有WiFi访问权限)。
How do I write my app to run on just the device we install it on? 如何编写我的应用程序以仅在我们安装它的设备上运行?
2 个解决方案
解决方案1
4 2012-03-06 15:30:15
When you go to upload an application to the Market there is an option to enable "Copy Protection" which states 当您将应用程序上传到市场时,可以选择启用“复制保护”,其中指出
Copy protection may help prevent applications from being copied from a device.
and 和
If you have a paid application, we recommend that you implement the Android Market licensing service.
I don't think that the copy protection is bullet proof by any means though. 我不认为复制保护无论如何都是防弹。 If someone is determined and has one of your devices they could likely still get the apk off of it (especially if they are willing to root the device). 如果有人确定并拥有您的某个设备,他们可能仍然可以从中获取apk(特别是如果他们愿意根设备)。
I imagine the best solution is going to be something you create and implement yourself. 我想最好的解决方案就是你自己创造和实施的东西。 How many devices will this application get installed on total? 该应用程序总共将安装多少台设备? Perhaps you could get unique IDs for each device and have the application check to ensure that the device it is running on is has an ID that is on that list. 也许您可以为每个设备获取唯一ID,并检查应用程序以确保其运行的设备具有该列表上的ID。
If getting IDs for each device is too much of a hassle. 如果为每个设备获取ID太麻烦了。 What is the install process going to be? 安装过程是什么? Perhaps the first thing the application does after it gets installed is ask for a complicated password. 应用程序在安装后首先要做的就是要求输入复杂的密码。 If the password doesn't get entered the application will do nothing. 如果未输入密码,则应用程序将不执行任何操作。 That way you can enable them right after you install, and any copy's of the apk that do get out won't do anything unless the person has the password too. 这样你就可以在安装后立即启用它们,并且除非该人员也有密码,否则任何已经发出的apk副本都不会做任何事情。 Downside to this is if app gets uninstalled / re-installed password will need to be entered again. 如果应用程序被卸载/重新安装,则需要再次输入密码。
解决方案2
4 已采纳 2012-03-06 15:31:12
What is Android's authorization model?
That would depend on what you think an "authorization model" is and in what context you are asking in. APKs have no "authorization model" by themselves, any more than do text files, bars of soap, bricks, golf balls, etc. 这将取决于您认为“授权模型”是什么以及您在什么情况下提出的问题.APK本身没有“授权模型”,不仅仅是文本文件,肥皂块,砖块,高尔夫球等。
If by "authorization model" you mean "how can I validate that the app was obtained from the Android Market", you can use the License Verification Library (LVL) for that. 如果通过“授权模型”表示“我如何验证应用程序是否从Android Market获得”,则可以使用许可证验证库 (LVL)。 However, this would not appear to be relevant in your use case ("an industrial application which is installed and shipped on Android devices"). 但是,这似乎与您的用例(“在Android设备上安装和发布的工业应用程序”)无关。
How do I write my app to run on just the device we install it on?
Prevent users of the device from running anything else, by rolling your own custom firmware, making your app be the home screen, remove unnecessary additional apps from the firmware, etc. This may limit the utility of your devices, will not work if you are trying to make your app available to arbitrary devices, etc. 通过滚动自己的自定义固件,使您的应用成为主屏幕,从固件中删除不必要的其他应用程序等,防止设备用户运行任何其他设备。这可能会限制您的设备的实用程序,如果您是试图让你的应用程序可用于任意设备等。
Or, cook up your own license management scheme akin to the LVL, and hope that nobody interested in pirating the app has enough skills to reverse engineer your code and snip out the license management stuff. 或者,制作一个类似于LVL的自己的许可证管理方案,并希望没有人对盗版应用程序感兴趣,有足够的技能来反向设计你的代码并剔除许可证管理的东西。 Depending upon your customer base, you may have reasonable luck with this approach. 根据您的客户群,您可以通过这种方法获得合理的运气。 This is not significantly different than traditional enterprise software with license keys and the like. 这与具有许可证密钥等的传统企业软件没有显着不同。 Hence, it is entirely possible that firms who make license management stuff for desktop apps have commercial Android solutions available for license. 因此,为桌面应用程序制作许可证管理内容的公司完全有可能获得许可证的商业Android解决方案。
The "license management scheme" could be as simple as "burn the MAC address of the WiFi NIC in the APK file and compare it at runtime", though, again, this sort of protection is vulnerable to being reverse-engineered and excised. “许可证管理方案”可以简单到“在APK文件中刻录WiFi NIC的MAC地址并在运行时进行比较”,但同样,这种保护很容易被反向设计和删除。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.