03-29-2012 11:59 AM
I almost finished my application development, now I need some way to protect my application from piracy
basically I need some native API, that I can use it to check against blackberry appworld server online to find out
if the playbook ID in device (on which my application is running) is binded to my registered application GUID from
blackberry appword database. ( I assume after user purchase the app from app world, the binding should exist).
If no native API available, I would like to know if black berry app world has web service that can handle this verification.
Please help me on this topic
Solved! Go to Solution.
03-29-2012 12:44 PM
there is no native API that does this. some developers have their own authentication server which the app checks and make sure it is registered on the server. The only problem with this is that you have to have wifi connection on which most people don't unless they are near a hotspot.
03-29-2012 02:58 PM
First thank you
My application is web based, so they have to have internet connection to use. so If I can use my own authentication server to do this, that will be fine for me.
the question is how I can make sure the customer actually had paid to app world to buy my application? without the native support of blackberry app world itself, I feel hard to implement the verification logic.
Maybe you have some suggestion?
03-29-2012 04:06 PM
when you add your app to Appworld you can select the License Model = Dynamic
and you give the URL to app world to get the key from your server.
you can then monitor which keys have been used to authenticate illegal use of your app.
you can read more about license model on appworld help section or search this forum.
What is a Dynamic Key Model?
03-29-2012 10:15 PM
thank you, the information is important to me!
I try to understand how the Pool license model or Dynamic license model work, in both case, the customer will get a key, either from the pool or from my external license server. the question is how the key will be used to prevent extraction and piracy?
If the bar is extracted with the key within it, will it allow other person to install and run my application?
Does ths key binded to customer's playbook ID and checked every time when the application get started?
Without the answer, I am not sure the dynamic license model or pool license model will serve my need,
03-30-2012 03:05 AM
I think when the user purchase your app they are giving the code from your pool and if that runs out you need to refresh your pool of codes. If someone gets your bar file illegally then they need to code to unlock your app and if they share the code then you are SOL. The more secure method is of course dynamic.
03-30-2012 01:15 PM
Yes, I decide to go dynamic way.
Can you point me the document about the native API that can read the key from bar file when program start?
I guess I have to do that instead of playbook OS's native support
03-30-2012 02:39 PM
03-30-2012 04:04 PM
Your method seems working for dynamic license scenario.
But I still doubt the key should exist somewhere in client playbook after customer download and install the application.(maybe in JAD file?)
because if they are using other license mode like pooling license mode, the developer cannot get client's personal information like playbook id, email address etc.. without the key, how could application verify? yes, the app can still send whatever information it get hold and send out to external server, but that information cannot be used to do authentication alone
please let me know what you thought