Jump to content

Skin security measures


maxmp

Recommended Posts

I'm trying to plan out some skin security and I need some extra info/input from skin developers:

  1. are your paid skins just paid apps or in-app purchase?
    I've never seen skins with in-app purchase, but may be you have one or plan one?
     
  2. as skin can be easily repacked, I think Poweramp can check the skin signature, provided that all author skins are under same signature and signatures are not changed often (as signature hashes will be baked into Poweramp). To hack this, Poweramp should be hacked, but this is another issue (for an user).
    Do you use same signature for all your skins?
     
  3. some minimal code will be needed inside skin apk to check it's license (as Poweramp can't check license on behalf of other app), that will work best for paid app (in-app requires a bit more work).

Thanks!

Link to comment
Share on other sites

@maxmp

1. Yaps is a paid skin, Big Yaps is free. As you cannot execute any runtime code within a skin, the only possible option (imo) is in the Main Activity which then lauches/applies the skin.

2. Yaps and Big Yaps have different signatures

3. are you suggesting that a skin can be licensed in the same way as Poweramp ?

Link to comment
Share on other sites

Poweramp can include signature checks for well known skins and also Poweramp can query the skin to make it verify if it’s properly purchased or not. This will stop skins to be easily pirated, at least while Poweramp itself is not hacked/modded.

Link to comment
Share on other sites

  • 4 months later...
  • 10 months later...
×
×
  • Create New...