3

I am developing an Android application and I am planning to release this build in “Open Beta” on the Google Play Store.

I want to implement the app security logic which can ensure that the beta build won't work after certain date dd/MM/YYYY.

Currently, I can think of two approaches for this logic:

  1. Retrieve current date from the device (using Android code to retrieve system’s time)


    Issue: User can change the device date to hack the security system

  2. Use time server to check the current date

    Issue: My application don’t need internet connection and hence it will be bad user experience if I am asking for internet connection at the start of the app


I have following questions:

  1. What alternate approaches (other then checking dates) can be used to ensure that the app won’t work after date dd/MM/YYYY?
  2. How can I detect that the user has changed device date manually?
  3. Other approaches to find current date even if device is offline?

EDIT: The beta build has all the premium features free and hence I don't want beta build to work after date dd/MM/YYYY.

NEW QUESTION:

I have implemented the code to check the real date using time server at the start of the application. What possible hacks can be done by users to access app after the date dd/MM/YYYY?

Thank you in advance.

Nimesh Chandramaniya
  • 578
  • 1
  • 7
  • 29
  • One alternative you can think of is number of times app is allowed to run in beta. In any case whether its date / times user can always clear app cache or backdate. Checking date is online will be the best bet to prevent misuse – Amod Gokhale Sep 29 '16 at 11:27
  • You don't have to notify users when you are connecting to the internet, Do it on background. if the Server time exceeds a date, disallow access to the app and show user a message that the Beta app has exceed usage date. – Tosin Onikute Sep 29 '16 at 11:28
  • Thank you for the comments. We can do date checking in background but as the application can work offline, many of the users' devices can be offline. – Nimesh Chandramaniya Sep 29 '16 at 11:33
  • 2
    How serious is the issue if some users turn the clock back? Most users will not do that. Usually, the users who play with the clock, will not pay in any case. – lionscribe Sep 29 '16 at 11:50
  • Please see the EDIT section @lionscribe. – Nimesh Chandramaniya Sep 30 '16 at 04:47
  • Eventually when you will offer premium, you will need some license checking via internet, so you can do the same in beta. – lionscribe Sep 30 '16 at 06:09
  • 1
    Don't ask new questions in a same topic, you should create a new one – Beloo Oct 20 '16 at 10:11

4 Answers4

1

Agreed you don't wish the device to be dependent on the internet. At some point however, the device will be online (A human will never leave his/her device offline since the installation of your app). At that point you check the time stamp and proceed from there. You could disable the app or perform any action. Many apps exhibit this behavior to run an action when and only when the net is connected. Other than the net and device clock the only other final solution you have is to run a background timer from the moment the app is installed. Good luck

badrobot15
  • 176
  • 1
  • 10
0

The new Permissions model includes "Internet" as default (you don't need to request it specifically anymore).

Booger
  • 18,579
  • 7
  • 55
  • 72
  • 1
    Thank you for the response. I not worried about internet permission but as the application can work offline, many of the users' devices can be offline. – Nimesh Chandramaniya Sep 29 '16 at 11:47
0

If you don't want to use internet you can use following idea. Get current timestamp when running application first time and save it preferences or in external storage. check current time stamp with saved timestamp every time user launches application. please check for negative values to prevent user setting previous dates.

ragu
  • 225
  • 1
  • 3
  • 11
-1

You can check the date, and at the time that the date exceeds the deadline, you can save a variable in preferences, so that when you enter the application, even if they change the date, the application will detect that date been exceeded.

Krowne
  • 1
  • And what about if date had changed before it exceeded to prolong trial period? – Beloo Oct 20 '16 at 10:13
  • Beloo You can save the installation date, and counting the days When the application works, when it Reaches the Desired number, restrict access. But really, I do not think people change the date before the day it expires. However, nothing is foolproof, everything can jump. – Krowne Oct 20 '16 at 12:45
  • Why not. Assume you want to cheat and continue some subscription.. So if subscription logic based only on local time, it would be possible to continue such subscription forever – Beloo Oct 20 '16 at 13:23
  • Then it would be advisable to check the date on the internet occasionally (not always), so that the user does not know if this option is available. The option could be put in the background by the system, and not only when the application is opened, so that will activate when the internet connection, you could do the checking. – Krowne Oct 20 '16 at 19:46