問題描述
應用程序許可和 android 唯一 ID (Application Licensing and android unique id)
I am about to publish the paid app to the android market. The app uses LVL (Application Licensing). In order to validate the licence I have to provide the device's unique id. The problem is that some android devices (due to known issue) have the same 'unique' ids, when calling:
Secure.getString(getContentResolver(), Secure.ANDROID_ID);
I could also use TelephonyManager class but the app also targets the tablet devices so I can not rely on that.
If anyone of you guys has used LVL please let me know how did you obtained the devices'id when creating LicenseChecker() object. I am just trying to understand what could happen if two users with the same device id would try to buy the app.
參考解法
方法 1:
For detailed instructions on how to get a Unique Identifier for each Android device your application is installed from, see this official Android Developers Blog posting:
http://android-developers.blogspot.com/2011/03/identifying-app-installations.html
It seems the best way is for you to generate one your self upon installation and subsequently read it when the application is re-launched.
I personally find this acceptable but not ideal. No one identifier provided by Android works in all instances as most are dependent on the phone's radio states (wifi on/off, cellular on/off, bluetooth on/off). The others like Settings.Secure.ANDROID_ID must be implemented by the manufacturer and are not guaranteed to be unique.
The following is an example of writing data to an INSTALLATION file that would be stored along with any other data the application saves locally.
public class Installation {
private static String sID = null;
private static final String INSTALLATION = "INSTALLATION";
public synchronized static String id(Context context) {
if (sID == null) {
File installation = new File(context.getFilesDir(), INSTALLATION);
try {
if (!installation.exists())
writeInstallationFile(installation);
sID = readInstallationFile(installation);
} catch (Exception e) {
throw new RuntimeException(e);
}
}
return sID;
}
private static String readInstallationFile(File installation) throws IOException {
RandomAccessFile f = new RandomAccessFile(installation, "r");
byte[] bytes = new byte[(int) f.length()];
f.readFully(bytes);
f.close();
return new String(bytes);
}
private static void writeInstallationFile(File installation) throws IOException {
FileOutputStream out = new FileOutputStream(installation);
String id = UUID.randomUUID().toString();
out.write(id.getBytes());
out.close();
}
}
方法 2:
Two devices with the same id would just give the app for free to the other device however the LVL still works with Google IDs. Since the LVL uses Google's authentication its extremely rare that you would ever see someone with the same ID and the same Google ID buy the same app. Especially since they already own it!
If that does not help try below:
http://developer.android.com/guide/publishing/licensing.html states:
declare a variable to hold a device identifier and generate a value for it in any way needed. For example, the sample application included in the LVL queries the system settings for the android.Settings.Secure.ANDROID_ID, which is unique to each device.
Note that, depending on the APIs you use, your application might need to request additional permissions in order to acquire device-specific information. For example, to query the TelephonyManager to obtain the device IMEI or related data, the application will also need to request the android.permission.READ_PHONE_STATE permission in its manifest.
Before requesting new permissions for the sole purpose of acquiring device-specific information for use in your Obfuscator, consider how doing so might affect your application or its filtering on Android Market (since some permissions can cause the SDK build tools to add the associated ).
(by Marqs、Kevin Parker、Chris Lucian)