App protection with LVL and explicit intents?

I've an app using the LVL. It consists (for simpli开发者_高级运维city) of two activities: The first one called LVLActivity checks the licence. If it fails, it simply finnishes, otherwise it launches the second activity called MainActivity with an explicit intent.

In the manifest, there is

<application android:icon="@drawable/icon" android:label="@string/app_name">
  <activity android:name=".LVLActivity">
    <intent-filter>
      <action android:name="android.intent.action.MAIN" />
      <category android:name="android.intent.category.LAUNCHER"/>
    </intent-filter>
  </activity>
  <activity android:name=".MainActivity">
  </activity>
</application>

Is it possible for someone else to write a small app that launches the MainActivity with an explicit intent?

Is this kind of setup is enough for a reasonable protection?

I believe MainActivity can be started from another app via:

Intent intent = new Intent();
intent.setComponent(new ComponentName("com.package", "com.package.MainActivity"));
startActivity(intent);

So, no, this would not protect your MainActivity per se, but you could have some kind of required shared data between LVLActivity and MainActivity, so that MainActivity would stop if this data is not existing.

But, be advised, that even this would not stop users who could reverse engineer code. To guard against this you should not have any sensitive data inside your application on devices - this basically means you should perform all business logic on server and only send data that is safe for given user back to the device. Of course you need to have some kind of user authentication+authorization on the server.

Why don't you do the license check in your main activity? It's the way Google recommend.

Aside from that, you can perform a license check whenever you want, but @Peter Knego is correct in saying that if someone really wants to get around the license check, then they will do so.