11-18-2009 02:09 PM
Solved! Go to Solution.
11-18-2009 09:54 PM
I suppose it might be possible to copy the archived version of an app to another device (in fact even preferable if someone changes their device), but even then it's possible the apps are protected.
Even if it were possible to pirate in this way, if you use the Dynamic Licensing approach, you can generate your own serial numbers and check against them whenever your app runs. That way you can ensure only licensed PINs are able to access your app.
So check out the Dynamic Licensing option - there are threads on this board that cover the approach.
11-19-2009 02:42 AM
Sure it's possible and quite easily actually. All you have to do is download the app hook the device up to your pc pull the cod files and then generate an alx file. Then you can simply install the app using desktop manager.
With that being the case I've found that generating a registration number for each user based off of thier pin number prevents this. Most of the time hackers etc will just move along to the next appliction.
Here is a site I check a lot to make sure my apps aren't on it. It's just a forum full of pirated apps shared by the usres.
11-19-2009 10:35 AM
Thanks for the hint. it was greatly helpful.
In our app I already have a licensing method. So the only thing i need to know is if the app was installed by App World or not.
I was thinking of the following approach. Please let me know if this would work:
a) The app is submitted with a static key.
This key *cannot be* entered anywhere inside the app. This is just so that App World can stamp this key in the RIM_APP_WORLD_LICENSE_KEY property.
b) When my app runs, I check if this property is defined. If it is then i continue with my verification against my server. If not then I switch the app into trial mode.
a) Can someone set the RIM_APP_WORLD_LICENSE_KEY property outside of App World ?
b) Can someone hack the code binary and bypass this check ?
If either of this is possible then static key won't do and I will have to go the Dynamic licensing route.
TIA to anyone for responding.
11-19-2009 10:46 AM
The answers to your questions are:
For A, the RIM_APP_WORLD_LICENSE_KEY is in the JAD file and anyone can insert this if they knew how. For B, if you are a real hacker, yes, you can hack the code and bypass. Is it worth spending the time doing it for a mobile application? Probably not.
So since the answer to question B is YES, switching it to Dynamic wouldn't help. But again, I don't think many hackers will want to hack a mobile device when they can hack desktop software that costs thousands of dollars.
11-19-2009 12:10 PM
Thanks very much for the clarification.
> For A, the RIM_APP_WORLD_LICENSE_KEY is in the JAD file and anyone can insert this if they knew how.
The documentation indicates that the CodeModuleManager and CodeModuleGroup can only be accessed by a signed app. if someone were to patch the JAD file, would this not violate the signature and make it impossible to use these objects ?
11-20-2009 12:38 AM - edited 11-20-2009 12:49 AM
Wouldn't hacking the code violate the code signing? (Always assuming the code needed signing in the first place).
I guess there may be a way of decompiling the cod files but if there is I haven't found it yet!
As you say, an awful lot of trouble to get a mobile app - except that the mobile app may unlock a bank account or enterprise system app.
11-20-2009 02:06 AM
I have finally decided that the only sane thing to do is to use Dynamic Licensing Thanks a lot for everyone who took the time to read my posts and my appreciation for those who took the time to respond.
Amongst all the mobile platforms I have worked on, Blackberry seems to be the only one which offers this sort of licensing mechanism. Kudos to RIM for that, though their documentation could be a lot clearer.
I wonder who figured out that key is saved in RIM_APP_WORLD_LICENSE_KEY property for example. I did see that in post from the moderator but I don't see that mentioned anywhere in the App World documents i checked on blackberry site.
In any case I think i am all set now. Thanks.