Protect app from reselling!

Hi guys,
is it possible to make generated keys for my app , so i can sell the app without being distributed for free by others,
for example kaspersky with activation keys (codes)


1 Like


to do so one technical option is to generate an unique ID for the device (Taifun have a free extension for doing this), than connect to an authentication server with API (easy to do Linux+PHP) to calculate a token (hash w/salt).

Store this token in a tinyDB on the device and proceed each launch to local check between device ID and stored hash (use Cryptography module to do so, again hash w/salt).

If someone spread your .apk, the authentication key will be different for other devices and the application unusable.

By the way you can add a timestamp to this mechanism, in order to stop application after some date.

1 Like

In my opinion, that would be an inconvenience if the genuine user with a license to use, loses or changes the equipment.

yes it’s true.

However if you replace the UniqueDeviceID by a standard license number, this credentials can be spreed.

Some alternative is to use the phone number as credential and a SMS reception as trigger. Not safe because sim/e-sim can be moved to different devices.

It’s also possible to ask at launch an username and use this as a credential to decypher part of the code. At least if some leak happens you will have the name of the source :slight_smile:

More heavy (and expensive) solution is to ask regularly an authentication token to an authentication server (like SSO are doing) ; if you permit access to a credential all others will be rejected until delog, meaning only one user at the same time for the same ‘license’. It can be counter-productive if the authentication server is done… no one will be able to log (except in case of graceful degradation).