开发者

How to identify an app user so he cannot pretend to be someone else

I'm developing an Android app which should be free to use for a certain period. When the phase of free use ends the user should register and pay to be a开发者_如何学JAVAble to use the app furthermore.

No I wondering how I could archive this, as the user might simply re-install the app to extend the period of free use. So I need a way to identify the user in such a way that he cannot pretend to be someone else or a new user. At the same time I want to avoid that the user has to do any registration if possible before the free use period ends.

At the moment I think about identify the user by his telephone number or SIM card id as he probably won't buy a new SIM card only to be able the use the app for free. The disadvantage of this is that this is limited to devices which are phones so any WIFI tablet won't be able to use the app as it doesn't have a SIM card.

Are there any other options to archive this behavior?


What you want to do is to track installations. This can be done by getting a unique id and then saving it using shared preferences. You could put this into a folder on the SD-card but I don't think I'm the only one getting annoyed by this kind of behaviour in apps. Rather than putting a file on the SD-card want to backup the file using BackupManger and uploading it to the cloud.

You can find info about the BackupManager here: Data backup

and a short part of this video on tracking installations here, 16:30 min in: Google I/O 2011: Pro tips

I really recommend you (all) to watch the video as it goes through many rookie and pro misstakes.

When reading about the BackupManager you'll find out that, just as all the other solutions, it wont work on all devices. I don't think this will be a big concern of yours, it will be a small group of people who can work around your trial period ending but there will always be. Spend time on developing your app and making it better instead.


You might want to read this post from the Android Developers blog. They recommend the ANDROID-ID, though it has it's downsides.


You might want to try:

import android.provider.Settings.System;

..

String android_id = System.getString(this.getContentResolver(), System.ANDROID_ID);

Although some devices apparently return the same value for this, which I think is contradictory to what the API docs say. It's possibly useful to use this as a secondary check.

However do try to take caution in sending personal details such as IMEI or phone number etc back to your server as users rightfully get a little anxious about such things being broadcast. You could always do a hash of the IMEI (if accessible, can't remember off the top of my head) and add this to the ANDROID_ID, creating something that's going to more or less be unique. Maybe hash some other detail in addition to this to really guarantee uniqueness as hashes can and will clash.


Is there a unique Android device ID?

Most voted answer (Joe's) in above is the best approach I have found so far.

0

上一篇:

下一篇:

精彩评论

暂无评论...
验证码 换一张
取 消

最新问答

问答排行榜