block ap id
Options
friuns
✭
hi, how can i block ap id? my free android app stolen and they sell it
0
Comments
-
0
-
friuns wrote:hi, how can i block ap id? my free android app stolen and they sell it
and what makes you think that blocking the ap id changes the game?
Doesn't do so, you should simply update the app to require a valid session aquired from a login webservice that verifies the validity of the app and rejects all illegal copies.0 -
dreamora wrote:friuns wrote:hi, how can i block ap id? my free android app stolen and they sell it
and what makes you think that blocking the ap id changes the game?0 -
Right but they can update the app id whenever he does0
-
dreamora wrote:Right but they can update the app id whenever he does0
-
Which is granted to be known unless he decides that the app will never be updated again.0
-
dreamora wrote:Which is granted to be known unless he decides that the app will never be updated again.0
-
You are right, people that don't upgrade are dropped out, thats true.
But thats the only thing that the app id deactivation does, for different reasons:
1. This is PUN so we talk about Unity
Unity generates IL code thats readable.
But even if not, strings are easily readable within the generated code already without that.
So it does not matter. As long as he does not protect the MP through a login that is able to differentiate between legal and illegal, he either goes offline or he will have the pirates on that are on a current version of the replicate.
2. If he releases an update with a new app id, it can simply be pirated again.
On Android its requires basically nothing to do that unless you have a proper and save LVL verification against the live chrome backend as you do not even need to root the device, on iOS its a matter of minutes for unity applications too which opens it up to every jailbroken user afterwards (you would need to sell the mp as a IAP so you can verify the IAP as that traditionally prevents illegal spins)0 -
As I said: Blocking the old appID will prevent the old already hacked clients from playing. Of course, as also already said, he will have to build in additional security for the version with the new appID, to not get hijacked again, but that doesn't change that it is useful to block the old appID, if there is no other option to deactivate the already hacked clients from future use, because even the best security for newer clients won't keep people from just using the old ones.0
-
friuns: Are you also going to ask Google to take the application down from their store, cause it's a stolen app? Is that working?0
-
will entering string variable in inspector (instead of hardcoding it in a code) help a bit?
obfuscation of some of the code might help too, no?0 -
Tobias wrote:friuns: Are you also going to ask Google to take the application down from their store, cause it's a stolen app? Is that working?
dreamora, i dont think its hackers, its just stupid users who want make money on my game)0 -
dreamora wrote:gnoblin wrote:will entering string variable in inspector (instead of hardcoding it in a code) help a bit?
obfuscation of some of the code might help too, no?
No, it has to be sent over the tcp in plaintext, that moment its known.
So its trivial for crackers to get it0 -
friuns wrote:Tobias wrote:friuns: Are you also going to ask Google to take the application down from their store, cause it's a stolen app? Is that working?
dreamora, i dont think its hackers, its just stupid users who want make money on my game)
If thats the case then its naturally bad.
Did you make use of the basic security features available on Android and exposed by unity?
@Kaiserludi: on what versions of PUN would this hold true?0 -
dreamora wrote:@Kaiserludi: on what versions of PUN would this hold true?0
-
We enabled this recently in 1.8. Before that, encryption was not working 100% in Mono/Unity.0
-
I just found that the event flow is correctly implemented and that authenticate is still sent unencrypted in PUN v1.8.
Sorry for that.
I will fix this for PUN v1.9.0