Database Info

Android trialware: best practices

Hi all,
Sorry if this is a duplicate but I already searched for an answer and couldn't find one. I am working on an Android app that I wish to distribute as trialware and I am seeking info on best practices.
First of all, what is the best way to make sure that users cannot get the free trial again by reinstalling? This is critical, of course.
Next, how do I manage the expectations of my users who think they are downloading a totally free app? Is there a better way than just shouting it in the app description?
Any other advice, links or suggestions on this topic are much appreciated!
Thanks in advance,
Barry

Hi!
The only way to prevent reseting the trial period with reinstalling is to create a server and validate the device only by some of its hardware IDs.
Alternatively You can use an online service like https://trialvalidator.com.
Robert

Just keep in mind that server validation isnt bullet proof.
Users can use a simple firewall like Droidwall to block incoming/outgoing communications or both for individual or all apps.
There's LBE or Pdroid which can prevent apps from obtaining uniquely identifiable information and also change it so that each time your app requests the ID it gets a different random ID.
Then there are "code patchers" like LuckyPatcher and others which can patch the server validation within the app and bypass it.
You might get lucky and be releasing an app whose target market isn't a particularly tech savvy audience, but personally I run a very tight ship on my phone, and will not install any apps without locking them down completely.
This includes free and purchased apps.
Even my system apps are screened and only allowed to access the bare minimum on my phone to retain their functionality.
Have you looked into having crippled/free and full/paid versions of your app? Or a crippled app that has an in app purchase option to upgrade to full funtionality?
Another option would be an always on internet requirement, but unless its a really great MMO game, users are not going to be too happy about that especially if, for example your app is a music player or shopping list or single player game.
Im not trying to disseminate methods to bypass validation, or dishearten your app protection efforts. This is just an FYI.

Does AdFree Android keep developers from making money from ad impressions?

I'm thinking of removing the app and just going through a little annoyance just to help the developers. I'm not sure how ad blockers work on the financial end so can someone please help me know.
Thanks in advance.

they do
that's why i don't use them. ads are tolerable, i would rather pay the devs in this way for their amazing works

I think there are two types of ads. One only pays the developer if a user clicks on it, and two prepays the developer just for the spot. If you're the type of person who never clicks on ads, I think developers are unaffected. Just a guess.

I wish there would be a version of AdFree that would just block them in the browser. I don't mind ads in apps and want to support the devs, but too many of the sites I visit are plastered with ads.

Yes, devs are not being paid the money they would otherwise be paid if you use an adblocker. In theory it might be possible to design an application that downloads the images and then subsequently deletes them (I know this is possible in browsers) which would remove the ad while also paying the dev, but that is not how AdFree functions and I'm not sure if it's even possible to do with an app; such a thing might require modifying the app's source code.

Yes, that is why I believe ad blockes are wrong and I never use one. If you use someone's free app they deserve the small amount of revenue they get from ads.

[rant] Malicious ads in common Android games

Hi,
I just wanted to rant about the current state of application ads on Android.
Over the past month, I've noticed an increased occurrence of those malicious "battery upgrade" ads in my games and apps.
Back in September/October, I got a few and I complained to the domain holder (ENOM) and their server hoster. Both of them neglected to email me back, and the site still remains online.
They seemed to disappear for a while, but since around New Years, the ads have resurfaced. Almost every free game I've played over the past two weeks has had them. Angry Birds, Super Stickman Golf, Words With Friends, Air Control Lite, to name a few...
I've contacted at least three ad distribution networks over the past two weeks, JumpTap, TapJoy, and Mojiva. All three have ignored my emails.
I've tried talking to the app developers, and they seem to be responsive to my initial complaints, but acting on them seems to be another matter.
While I realize that because I'm rooted, I could just block the ads by hand, but I think the more responsible thing would be for these ad distribution networks to actually look into the things they are advertising on our devices.
If you're an app developer, I'd like to ask that if you have a choice of whose ads get displayed in your applications, take a hard though about the ads that are also being pushed to your application's users.
I'm just mad about the whole thing. If ICE/DoHS can take down any site they feel, why can't malware developers suffer the same fate?
Thanks

Hi bunder9999,
My name is Saad and I work for Tapjoy. I wanted to bring to your attention that Tapjoy had already turned off and removed the developer for "battery upgrade" about 10 days ago. Please let me know if you want to discuss anything about this. You can send me email at [email protected].
Regards
Saad

Thank you. Now that I poke through my inbox, I see that you did indeed mail me back. edit: But that doesn't change the fact that you allowed the ads to begin with.
Got two emails today (surprise, surprise.)...
Rovio: "We're trying!"
Mojiva: (In so many words... yes, they were kindof nasty about it.) "Prove it or f*** off." My response: "Pull out an android device and install the malware yourself."
While I'm here, I thought I would post some comments made by some of my fellow Android users...
"i think it is awesome that you do this type of thing and more people should... you are pretty much an internet don quixote"
"more people need to step and say this type of s*** is unacceptable, and its really only apathy that doesn't stop ad companies from really taking this s*** seriously"
"your efforts are sisyphean, though noble"
Click to expand...
Click to collapse

I'm just going to post this here, as proof that I'm not off my nut, as Mojiva's final stance seems to be.
http://www.virustotal.com/file-scan...8bbb35635f8c6c7a044ff2b28fcd01dfa4-1326204931
edit: rather than waste a post on something nobody seems to care about, i got another ad today, from another ad-network, inmobi.
email sent. i was a little more diplomatic in my email this time, but somehow i don't feel that they will be anymore receptive than Mojiva was.

i wish android market was a little more like Apple app store. Too many crappy apps made it into the market without any filtering.

silkshocker said:
i wish android market was a little more like Apple app store. Too many crappy apps made it into the market without any filtering.
Click to expand...
Click to collapse
I couldn't disagree with you more. Sure, the App Store has a much higher percentage of quality apps, but I believe the filtering is preventing a lot of aspiring developers from getting their apps out there. I'm just afraid that, were I to get an iphone, the app I desperately want is being blocked by apple for one reason or another. I'd rather sift through hundreds of crappy apps and find the one I want, than sift through 50 and not get a single one that does what I need it to do.
And there is some filtering in the market. It's just not overly strict. The beauty of android is that it is OPEN!
Just a thought...

+1
mfitz8530 said:
I couldn't disagree with you more. Sure, the App Store has a much higher percentage of quality apps, but I believe the filtering is preventing a lot of aspiring developers from getting their apps out there. I'm just afraid that, were I to get an iphone, the app I desperately want is being blocked by apple for one reason or another. I'd rather sift through hundreds of crappy apps and find the one I want, than sift through 50 and not get a single one that does what I need it to do.
And there is some filtering in the market. It's just not overly strict. The beauty of android is that it is OPEN!
Just a thought...
Click to expand...
Click to collapse
what he said
you can easily block all the Ads, and ignore all the SPAMs
i'll suggest AVAST for Android, does a great job at that, as for Ads, there are tons of 3rd party apps to block Ads

.
Thread moved. Would advise you to read forum rules and post in correct section.

bunder9999 said:
Hi,
I just wanted to rant about the current state of application ads on Android.
Over the past month, I've noticed an increased occurrence of those malicious "battery upgrade" ads in my games and apps.
Back in September/October, I got a few and I complained to the domain holder (ENOM) and their server hoster. Both of them neglected to email me back, and the site still remains online.
They seemed to disappear for a while, but since around New Years, the ads have resurfaced. Almost every free game I've played over the past two weeks has had them. Angry Birds, Super Stickman Golf, Words With Friends, Air Control Lite, to name a few...
I've contacted at least three ad distribution networks over the past two weeks, JumpTap, TapJoy, and Mojiva. All three have ignored my emails.
I've tried talking to the app developers, and they seem to be responsive to my initial complaints, but acting on them seems to be another matter.
While I realize that because I'm rooted, I could just block the ads by hand, but I think the more responsible thing would be for these ad distribution networks to actually look into the things they are advertising on our devices.
If you're an app developer, I'd like to ask that if you have a choice of whose ads get displayed in your applications, take a hard though about the ads that are also being pushed to your application's users.
I'm just mad about the whole thing. If ICE/DoHS can take down any site they feel, why can't malware developers suffer the same fate?
Thanks
Click to expand...
Click to collapse
I also got the same feedback once but i could easily resolve this problem with my ad distributor as they block those ads for me..

"Free App: Battery upgrade" - sleazy ads
Hi all,
I found this topic, and think that it's the good one
Since some days, I have a strange ads in my notification bar, which displays: "Free App: Battery upgrade"
I launched some tools like Lookout or AVG Antivirus, but they didn't find any malware.
Does a specific tool exist to find this kind of malware, or maybe a way to find which app raised this bad ads ?
(last installed apps is Bubble level, but many apps are updated often, so I don't have any idea of which one could cause that )

Well done ,learn more

If it can help people (and it should help ), I found the solution of my problem of sleazy ads:
I installed from market Airpush detector (some other apps exists), which simply detects which apps contains ads (type Airpush), and propose to uninstall them.
At the end, it's simple. I'm very happy that these kind of tool exist, but I'm very surprised that such [email protected]\`@^ ads could be displayed in the notification bar

Security does matter![Updated 25th. Jan]

Introduction
I have not seen much talk about security in XDA, and not at all on Neo Section.
SO here's just one informative link talking about using and developing apps and security risks involved
http://www.technologyreview.com/computing/25921/?mod=related
Any bug in software could potentially be used as a security loophole to gain access to private information, spy on you, get your credit card info(should you do such things on phone).
What is kind of unsettling is that everyone seems fine with modding, tweaking, developing and using those ROMs made in XDA without worrying if there could be that kind of bug in your made or used ROM.
You don't need a malicious app only to have risks. Most people use Windows so they should know that it is OP systems bugs and vulnerabilities that allow for unwanted access to your files, data, etc.
Android itself is having very non-foolproof security system. All apps on unrooted phone are in sandbox. That's no security measure at all. It doesn't limit app from stealing your private info at all, it only cant delete the whole ROM. That's just idiotic security system, for it is the only thing beside encrypting shut off phone on 3.0 and 4.0. So that means Android on it's own has no security measures while it's working. Even Windows has... some... but not too much... so you could pay for antivirus and antispyware software ofc.
It has always been the goal of big corporations to make money from insecurity, be they software developers, arms dealers and you name it. They all benefit from insecurities existing. Same is with Google and it's Android. But the good news is that we the users can modify Android. We could all say "Au revoir security bugs and loopholes!" if we would care about developing ROMs designed to make Android more secure... alas that's not happening yet!
Overview of Linux/Android security issues.
It's a short condensed description just to get you interested in the topic. There's lots of material on net, you only need to search, read, watch videos.
Linux becomes more vulnerable with more applications with different permissions installed. Same is true for Android.
Say your Phone Exporer has root access, that means it has root access to whole Android. To remove unnecessary risks, this app's root access should be limited to only most necessary functions it needs to operate.
Currently for Android there is no such solution. For Linux there is Apparmor.
http://en.wikipedia.org/wiki/AppArmor
Total root access is obvious vulnerability, but it is at least known one. Let's look at possibility of apps having hidden permissions and what that could mean to you.
Blade Buddy from Market.
On market it does not list permission to "Unique Device ID"(IMEI for GSM and MEID; ESN for CDMA) for free nor for paid version.
That means the author of BB has left the code from free version in paid one. This permission is used by ads to track you. It's not necessary code for ads, but it helps the dev know who clicked on the add and generated him some money. To see your money generating zombie empire stretch across the whole globe.... quite a thrill, isn't it?
So it's a latent code, with no benefit to user and an exploit only calling to be abused.
Unique Device ID allows you to be tracked on net and also where you are physically. GPS is just one way to find you, police for example have scanners to locate your devices physical location by the IMEI code. You can count on the "bad guys" having this technology as well, for it's quite a tool for burglars and other criminals.
The risks of your home being marked as the next dungeon to be looted by some raiders, I mean criminals(or perhaps WoW players sleepwalking and sleepraiding?) or getting your ID and bank details stolen by trojan/hacker is random. Yet the threat would not exist without apps having so flagrant hidden permissions.
Next app with ludicrous permissions
Brightest Flashlight
It does list many permissions, among them "Hardware controls - take pictures and videos ". No, it does not need a permission to take photos through cameras to operate the flashlight. But it's fun nonetheless for the dev to see his trusty peasants, or maybe he just likes to observe people like some watch fish in aquarium or hamsters in cage( "Look at that dork!", "You're one ugly m...f...er","ummm a couple kissing in dark with ma flashlight, what are they searching?", "what's that you eat, mr Korean, brains?" "hey show me that document again.")
You don't even need to run the app yourself. It can be triggered by hacker on background and take a snapshot of you.
On top of this little needless permission it has following hidden permissions:
1. Unique IMSI, read about here http://en.wikipedia.org/wiki/IMSI
2. MCC+MNC (CDMA)
3. Unique Devide ID
4. Cell Tower Name.
That's a lot of needless permissions for flashlight, these are there just to track you the app user and have nothing to do with your comfortable use of the app.
These are just 2 apps with totally needless permissions for their intended functioning. If you don't want your Windows and Linux have such security holes then why do you want your Android have them?! You don't want, that's the point and these apps would not be so popular if people would really know and care about their phone being secure.
It can be stated for sure that above exemplified permissions not listed on market are more useful for pranksters, criminals or someone plainly looking-down-on-all-the-dumb-sheep and not at all for any legitimate, user or customer friendly purposes.
There are very few tools to check for security and privacy problems in apps. That gives a sense that majority of devs do not want Android to be secure and private, because Android is another revenue generating platform through Google ads business of course. Were people more educated about the matter then Google ads business would shrink down as well. A private and secure Android can't be tracked or annoyed with ads. No ads, no profit. No security therefore means profit. Unfortunately this lack of security can be exploited by anyone with criminal or malignant intentions so very easily.

The most important thing is to read the permissions before installing.

If you had read the article I linked. Those permissions don't matter anything really if stuff developers use doesn't reveal what it does, or developer itself doesn't disclose what the app does.
We can safely say that those permissions asked are just to make ordinary users of Android think that all is under their control.
I use Privacy Blocker app and it keeps finding app permissions that are not listed. Even that app doesn't find those permissions which Cyanogenmod permission manager shows. And I've sanitized all my apps, still I find my phone connecting to some odd servers while using certain paid and seemingly legit apps. I even found shapshots from front camera made by some app... and I am checking all permissions I can, even for those not listed.

What seems harmless but could reveal your IP address and potentially other data about you is... advertisements used by apps.
Ads can be far more than just a little annoyance that slows your device. Any file, picture loaded from some location in internet can be used to locate you.
I had a problem of getting phone call bills for calls lasting 10 to 20 secs that I never made after using a slew of market apps, flashlights, fun stuff, etc.
I paid two months for such calls trying to find out which app did it and still don't know which one it was. Skype(phone app has fake IP of Holland but actual connection goes to Moscow... oh come one what is this? Why such hiding? Like anyone would trust their phone's Skype connection stream through Moscow... no thank you! Then wonder still if the phone gets so slow and Skype call quality is so bad even over wifi while Windows Skype does just fine?), Brighest flashlight, some photo editors, and slew of other garbage I've already forgotten about cause I don't use any of it anymore.

First post updated

How about the new 4.3 update..in includes some security and privacy control..will this thing prevent you had mentioned?

Is there any way to reactivate this post? maybe start working on a security enhanced android ROM? I'm agree, Security does matter!

Is it safe to give my IMEI id to Leadbolt?

Leadbolt is provides ads in the notification of andoid similar to airpush. In order to opt out you go to their website where they request your mei imei id. Is it safe to provide this?
Thanks

JeffATL said:
Leadbolt is provides ads in the notification of andoid similar to airpush. In order to opt out you go to their website where they request your mei imei id. Is it safe to provide this?
Thanks
Click to expand...
Click to collapse
Yea, it's just a unique identifier for these networks to add to their list so those IDs never get served ads.
truste.com/developer/?p=86

cLin407 said:
Yea, it's just a unique identifier for these networks to add to their list so those IDs never get served ads.
truste.com/developer/?p=86
Click to expand...
Click to collapse
Cool. Your thanks meter just went from 0 to 1 =)

JeffATL said:
Leadbolt is provides ads in the notification of andoid similar to airpush. In order to opt out you go to their website where they request your mei imei id. Is it safe to provide this?
Thanks
Click to expand...
Click to collapse
I don't know who Leadbolt is, but that aside if you are wondering about whether they (or anyone for that matter) are or not. I would suggest researching about them first via third party reviews, and/or whois domaintools, wikipedia, types of resources. The reviews that are not generated by sites that do not bias their reviews due to being erm bribed for want of a better word will obviously be more accurate as to their legitimacy so sticking to well known and trusted review sites is a good start. I use WOT (web of trust ff addon) to help weed out the bad sites, it's not perfect, however it is far better than using nothing at all. This way you can get an idea if they are trustworthy or not. And if they are new new new I would be more careful as malicious groups start again with new names etc... once their old ones are burned out and no longer provide the gains they are looking for. Hope this helps

Generally speaking, you should never give out your IMEI to anyone.....especially an ad company asking for your IMEI tempting you with not receiving anymore ads? Sounds extremely fishy to me.

Unfortunately I did give my number before seeing other posts.
I do have a problem that may be a result of the foolish move or it may be unrelated. So far I see the problem with one particular website.
If I go to the a particular restaurant's website Eclipse D Luna found by google search, it is hosted by dudamobile. I believe the website is legit as it looks legit from a computer and I think dudamobile is a legit site that transform peoples websites for mobile phones. However when I navigate to the restaurants menu the page is filled with spam (i.e levitra, viagra ads) ?

Leadbolt is a notification ads provider (they also do banners and others). They use IMEI not to show you the notification ads. They are legit, you can give them your IMEI.

'ad.leadboltads.net' is Malware
JeffATL said:
Leadbolt is provides ads in the notification of andoid similar to airpush. In order to opt out you go to their website where they request your mei imei id. Is it safe to provide this?
Thanks
Click to expand...
Click to collapse
LEADBOLTADS IS MALWARE! DO NOT GIVE THEM ANYTHING!
My browser started popping open on reboot/start up to their page with advertising.
This behaviour is known as malware.
Lookout Security & Antivirus found mine in ChargeBar Free Edition,
ChargeBar came embedded in the NottachTrix 2.3.0 ROM.
I installed it (NottachTrix) and it (ChargeBar) didn't update for 3 months, then, BANG.
I've deleted ChargeBar's update, moved it from system apps to apps, deleted it, and the browser pop open 'ad.leadboltads.net' still persists.
Lookout Security & Antivirus can not find the new location of the malware, they do not have a forum.
By the very definition and behaviour, this is malware, and, ChargeBar (Asgard Casino Apps) is involved in the distribution of malware.
Asgard Casino Apps distributes 34 apps that behave this way.
They are using Google Play Store to distribute this malware, abet, that app is benign in its origin, its a pipeline, or conduit for malware.
Sneaky F##kers aren`t they.........
#1) I would like to get this crap off my phone.
#2) I need to bring this to Google's attention, and have the developer and apps banned from the Play store.
Sooo, starting with #1,,,how do I get this crap off my phone!
NOTE:
I will be linking to this post in the NottachTrix post, I'm asking the developers to to move ChargeBar from the ROM zip.
My MBAM forum post: https://forums.malwarebytes.org/inde...06#entry764184