Hello!
I'm software developer from Russia, and made one very popular app in local market. Very soon I realized that I need an ability to give licensed version of app for my friends or reviewers or someone else.
Unfortunately AppHub doesn't provide such functionality(private distribution is pain in ass), so I created a webservice for myself.
After two days I realized that it may be useful for other developers, so here it is:
promo.g33k.ru (here I wanted to post url, but I can't due to low post count. You may find it in my profile->interests)
Now it has:
- JSON/SDK with RSA1024/SHA1 sign for additional security checks
- Binary SDK available
- Russian localization(if anyone cares ) (btw, if you can help translating to other language(s) or correct english misspellings - i will appreciate this).
Now this service works in beta mode.
So for developers I have two questions:
1) Is such service useful for you?
2) How to develop it further, in which way?
Not yet clear
I am sorry, but after reading your post and also checking your website I am still not sure what you offer. For me there is just not enough information to understand and then judge the usefulness of your service.
Maybe you could give a step-by-step scenario: Dev does this, then interested user does that, dev then this ...
Ok, I'll try to describe a little more details:
1) Developer wants to add capability of promo codes in his app(to give some specific users full licensed app).
The first problem is that developer need his own server for checking of promo code validity(hardcoding is not an option, of course).
2) So, Developer registers in my service, add his app's guid to his app list and create a promo code for specific app via web.
3) Developer adds support for promo codes in his app by:
a) adding an text box for user to enter promode
b) adding a web request to specific URL for promocode activation
c) adding to his license check web request for checking is current user activated a promo code.
Benefits for developer:
- Add support for promo codes without owning a server.
- Simple way to give full version of program to friends
Benefits for users:
- User may found promo code for specific app somewhere and use it to get full version of app in simple manner.
Benefits for reviewers/portals:
- Developers can easily give promo code for reviewing purpose or as giveaway for news post.
Clear now
Thanks for the additional info, now it's clear
Well yes, sounds useful. Properly implemented is probably really easier than Microsoft's "closed beta" mechanism, and of course can be used for other, non-beta apps as well.
The icing on the cake would be a "frame application" as sample code that basically does nothing more than asking for a promo code and then check against the list of valid codes on your server.
Sounds intresting but how do you ensure security?
chabun, I thought about security and situation is same as with default checking for trial - there is no security Man-in-the-Middle and direct cracking of xap will work, and there is no way out. I could use RSA signing for MitM, but still cracking of xap is very easy option today, so no one really interested will try to use MitM. When WP8 SDK will be out(I believe it will be in several weeks) - some developers may implement trial checks in native code - this will be much harder to crack.
As for server part there are following possible problems
- App's ID squatting(same as domain, someone else could reserve developer's app's guid). Don't know yet what to do with this, may be think about it later when this happens?
- Promocode's for App ID bruteforce - could be easily avoided via server throttling, if this ever happens - i'll add such checks
- Server DDoS - every webmaster's nightmare, I hope this never happens(or my Amazon AWS will pour my purse empty
rbrunner7, nice idea, I'll add a sample app as soon as possible on site.
This looks like an interesting concept
Sent from my SGH-i917 using XDA Windows Phone 7 App
Yop, you can never avoid direct cracking... However, RSA signing would be good I'd say as it will avoid MitM - with MitM you could create simple tools which can be used by every noob outhere. Cracking xaps requires some skill and it will need an unlocked WP7 as well.
I can see this working i have been thinking about something similar also. You can encrypt the data on device before sending it off to the cloud, you can than verify the encrypted data with a password and compare it to the codes registered on the server. Than link a code to a certain device id (once the code becomes 'registered') if a certain code is already coupled to a deice id and the device is not the same than the app will jump back into trial mode. Otherwise one can use the paid mode.
This can defenetly work and will prevent reselling th codes. Although it requires a server. And users can still hack/patch the app ofcourse but that will require an unlocked device so I should not worry to much about it.
Also to prevent spoofing you can frequently check with the server if this device is legitetmately registered.
Marvin_S said:
I can see this working i have been thinking about something similar also. You can encrypt the data on device before sending it off to the cloud, you can than verify the encrypted data with a password and compare it to the codes registered on the server. Than link a code to a certain device id (once the code becomes 'registered') if a certain code is already coupled to a deice id and the device is not the same than the app will jump back into trial mode. Otherwise one can use the paid mode.
This can defenetly work and will prevent reselling th codes. Although it requires a server. And users can still hack/patch the app ofcourse but that will require an unlocked device so I should not worry to much about it.
Also to prevent spoofing you can frequently check with the server if this device is legitetmately registered.
Click to expand...
Click to collapse
That's what I thought of... private/public key
chabun, so, for example, how about following scenario:
for each developer server creates public/private key pair.
when checking license on server: if success server encodes userid with developer private key
when checking license in app: server response decoding via public key(hardcoded in app) and comparing to userId. if ok -> licensed.
You might want to ask @ngreader guys on twitter. They do have this concept implemented in their app.
diverofdark said:
chabun, so, for example, how about following scenario:
for each developer server creates public/private key pair.
when checking license on server: if success server encodes userid with developer private key
when checking license in app: server response decoding via public key(hardcoded in app) and comparing to userId. if ok -> licensed.
Click to expand...
Click to collapse
I'm not sure if it would be good to encode the request to the server as well but otherwise it sounds really cool now... I'll use this service when I need this (and tell my friends about it)
Here is one way to do it http://stackoverflow.com/questions/599837/how-to-generate-and-validate-a-software-license-key
wpxbox said:
Here is one way to do it http://stackoverflow.com/questions/599837/how-to-generate-and-validate-a-software-license-key
Click to expand...
Click to collapse
Well, what they suggest is not as good as diverofdark's service which is a lot more secure and still easy to use for the customers...
Greetings everyone!
Today I updated promo.g33k.ru, now it has:
- more detailed about page,
- SDK now includes RSA1024/SHA1 sign for additional security checks
- Binary SDK available
- Russian localization(if anyone cares ) (btw, if you can help translating to other language(s) or correct english misspellings - i will appreciate this).
- Many minor bugfixes.
So, from now this service works in beta mode
diverofdark said:
Greetings everyone!
Today I updated promo.g33k.ru, now it has:
- more detailed about page,
- SDK now includes RSA1024/SHA1 sign for additional security checks
- Binary SDK available
- Russian localization(if anyone cares ) (btw, if you can help translating to other language(s) or correct english misspellings - i will appreciate this).
- Many minor bugfixes.
So, from now this service works in beta mode
Click to expand...
Click to collapse
Thanks! I will check this out
Hey diverofdark
It would be nice if you update the first post in the thread with all information. That's the way it's usually done in the forum.
A possible user (here dev ) can read it and without having to browse the whole thread, he can use your promocode service...
Thanks for mentioning it, I updated the first post.
um I'm 16 and have no about the law or what any of this mean, can someone tell me if i need to do anything please...
Hello,
Google has received a subpoena seeking information related to Android
applications that may have been made available on alternative markets
without the consent of the developer. The subpoena seeks information
about those Android applications, including contact information for the
developers of the applications. Our records show that your Android
developer account will be included in the information Google will provide
in response to this subpoena.
Google is not in a position to provide you with legal advice or discuss
the substance of the process in our possession. For more information
about the subpoena, you may wish to contact the Federal Bureau of
Investigation -- Atlanta Field Office at (404) 679-9000, reference #
2011R00320/FBI/ORKIN.
Regards,
Google Legal Investigations Support
Click to expand...
Click to collapse
http://www.androidcentral.com/fbi-investigating-android-apps-gathering-developer-information-google
I'd start by contacting google.
thanks for the responses, i Skyped the FBI this morning in collage, they said they didn't want Google sending these emails out and not to worry about it XD
That just means the FBI wanted to do their investigations without anyone knowing, but Google blew the whistle.. why would you suddenly not worry about it if it worried you initially?
There are shady markets selling pirated apps w/o developer's permission. There's an investigation, and because you have a developer account you're being included in that.
Kookas said:
That just means the FBI wanted to do their investigations without anyone knowing, but Google blew the whistle.. why would you suddenly not worry about it if it worried you initially?
Click to expand...
Click to collapse
i was worried because i had no idea what it meant.
The strange thing about it is why would the FBI or any law enforcement agency want a secret subpoena for information about the *victim* of a crime they're investigating? EG, if Gucci shoes were being copied and sold, why would they get a secret subpoena against Gucci? Doesn't add up.
REPORTING & ANALYTICS PROGRAM
With this program, beginning December 1, 2012, Sprint will combine Mobile Usage Information and Consumer Information to prepare business and marketing reports that we may share with others. You can be confident that your information will be aggregated so that you will not be personally identified. We may also share location information with other companies in a way that does not personally identify you. If you do not want us to use your customer information for this program, you can opt out anytime as described below.
I just got this email think ill be opting out of this for sure
Great post. Thanks. Where can we find opt out info?
First hit on google states:
If you do not want us to use your information for our Reporting & Analytics program described above, you may opt out by:
Calling 1-855-596-2397 from your mobile device, or
Visiting http://www.sprint.com/mychoices
Click to expand...
Click to collapse
I went to the URL, signed in, and had to opt out each individual line in my family plan.
I am working on a web service and thought it might be of interest to Windows 8 app developers out there, who might find the service useful and could even help testing it and offer advice on how to improve.
The product (codename Myelin, currently in alpha) brings powerful user feedback tools directly into your mobile apps. With just a couple of lines of code, you can integrate functionality that not only allows users to send comments directly to the dev, but also to track any replies and provide additional follow-up after the first submission. No private information (such as email address or account name) is ever shared, and no registration is required. It just works directly from the app.
Coming in the future are even more exciting features that make meaningful communication between the dev and the end user simpler and faster.
On the backend we have a feedback management portal that allows to monitor incoming feedback efficiently and manage any required follow-up in a bugtracking-like approach (think support tickets).
We have recently rolled out a client (== app plugin) for Windows 8 HTML apps, and would welcome devs willing to take it for a spin and give us feedback. BTW, XAML support is coming in the future; if you'd be interested, let me know and this work may move further up the priority list. XAML version for C#\VB Win8 apps is also available.
The service is currently free while it's in active development. While there are plans to eventually take it commercial, we will in any event be very accomodating to our early adopters.
You can read more at https://www.tfp0.com/s/windows8. If you're interested in learning more, reply here, PM, or just go ahead and sign up over at the website (we have plenty of spots available) to see what we have going there.
Below is a collage of various screens that the plugin introduces in the form of settings flyouts.
<= clickable
Since I've seen some offline interest in a XAML-based version, I wanted to note here that we did in fact roll out a version of the plugin for XAML.
In addition, both versions (HTML and XAML) are now available through NuGet as Timefork.DyneinXaml and Timefork.DyneinHtml .
Hi, my name is Jose Walker, and I'm looking very skilled developers to participate in a project for a very big company (name is undisclosed for NDA agreements with my client) and what we're looking for is to be able to unlock mobile phones remotely.
This is via a remote session with a help-desk person. This support agent should be able to unlock a mobile phone. Since we're aware of the myriad of devices and ROMs (Speaking of Android) we in first place would like to target the most popular android devices, and be able to put a custom ROM, that besides of unlocking the device, might install applications from my client. This is all legal stuff, What I can tell is that my client is a big mobile carrier in Latinamerica, so no backdoors or trojans whatsoever. This is basically to be able to change the carrier for the end user, but if the device is locked, our client with his remote assistance, will unlock the device REMOTELY.
First thing to know, is whether this is possible (I will asume it is, because is software and everything can be tweaked)
IF ANYONE THINKS IT IS POSSIBLE AND WANT TO JOIN THE TEAM PLEASE LET ME KNOW ASAP. MY EMAIL ADDRESS IS:
[email protected]