1

Is it a good practice to build an application that have serial number for user to use that application? (Like most of desktop applications)

If so, what is the good way to save the state that user already purchased the application by having the serial number (stating that SharedPreferences and database file could be easily hacked)?

If not, what is the reason?

EDIT: My country (Indonesia) hasn't been able to sell paid application to Google Play (source), and I haven't registered to Google Play. How should I manage paid application by myself?

Many thanks :)

Zyoo
  • 746
  • 10
  • 30
  • 1
    That sort of information should be stored on a server. BTW, have you considered in-app billing instead? – Phil Feb 20 '13 at 19:25
  • I guess the question here is more about application purchase and not in-app products. – Gaurav Arora Feb 20 '13 at 19:26
  • @Phil i think it would be waste of time to check the install state everytime user open the app – Zyoo Feb 20 '13 at 19:28
  • @yolapop, you're right that it may slow the startup down, however you will have to balance the serial number security to the speed of the startup. – Phil Feb 20 '13 at 20:36

1 Answers1

1

This looks like a security question. For paid apps, I believe developers rely more on Google play store to take care, that they can't install/use the app that they haven't paid for. If anyone extracts apk the max he can do it is to install on more devices, which is fairly simple, if you have a rooted device.

Any developer generally is more concerned about having the application secured from reverse-engineering and theft of source code, rather than the installer. For making your application secure from reverse-engineering, you should be obfuscating application source before publishing the app to the play store.

Hope this helps.

Gaurav Arora
  • 1,725
  • 12
  • 13
  • And for anyone who is interested, here is more on app security: http://stackoverflow.com/questions/9865162/how-to-secure-my-app-against-piracy – Phil Feb 20 '13 at 20:38