Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Can I check if my app has been installed from the Play Store? #9

Open
yvant opened this issue Oct 18, 2023 · 6 comments
Open

Can I check if my app has been installed from the Play Store? #9

yvant opened this issue Oct 18, 2023 · 6 comments

Comments

@yvant
Copy link

yvant commented Oct 18, 2023

I'd like to limit the number of fraudulent purchases but I can't use a server validation system for the moment. I've seen on the net some ways to detect if an app has been downloaded from the Play Store or not. Does this ANE helps with that? If yes, is it relevant to block purchases from users that directly installed the APK from other sources, or may I block regular/legit users?
Thanks!
@marchbold
Copy link
Contributor

Sounds like you might want to consider using Google Play Licensing?

This functionality is available for free through our Google Play Services libs:

Alternatively you can use this extension to check the installer package name which should be set to com.android.vending if an application was installed through the Play Store :

var installer:String = PackageManager.service.getInstallerPackageName();
if (installer == "com.android.vending")
{
    // Installed from the play store
}

https://docs.airnativeextensions.com/asdocs/packagemanager/com/distriqt/extension/packagemanager/PackageManager.html#getInstallerPackageName()

@yvant
Copy link
Author

yvant commented Oct 19, 2023
edited
Loading

Is there a difference between both solutions, in terms of security or reliability? At first sight, the one with PackageManager seems simpler to implement. Additionally, can the script that you suggested block "legit" users inadvertently? What I plan to do is: if the app doesn't come from the Play Store => the user cannot make in app purchases

@marchbold
Copy link
Contributor

That definitely is a reasonable approach and one we have used in the past.

I just mentioned the licensing approach as it is a more "official" way of checking the legitimacy of an install.

@yvant
Copy link
Author

yvant commented Oct 19, 2023

Great! Thanks of lot for the advice and for the snippet!

@yvant
Copy link
Author

yvant commented Oct 31, 2023
edited by marchbold
Loading

In the end, some fraudulent APKs still have the "com.android.vending" as installer, so I'm trying to implement the licensing method but it's not working. Here is some feedback:

  • Using the code in the related github, I get the errorcode 6
  • I used APM, and the generated app descriptor doesn't add <uses-permission android:name="com.android.vending.CHECK_LICENSE" />. Is it an issue?
  • I generated a random SALT that is stored in the APK, as mentionned on the wiki. Do I need to put it somewhere else? Is there something to do in the google play console?

@marchbold
Copy link
Contributor

Yeah there isn't an apm package setup for this so you'll need to add the permissions into a project config or manually.

You'll need to work through the setup process outlined here as well: https://developer.android.com/google/play/licensing/setting-up

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@marchbold @yvant