views: 170

answers: 4

I'd like to sell a static library for Cocoa Touch apps but want to protect it from being freely distributed. Has anyone tried this or have suggestions on a scheme(s) that I can build to handle it?

One example from the desktop world is a vendor sending a license key to you after purchasing the library. That key must be embedded in your app, which is what the library will look for at runtime. The problem is anyone can post the library and key on the web.

A: 

Tricky. I suppose it depends on where you want to sit on the inconvenience/security spectrum. If you wanted to be a huge jerk you could require that all the binaries built with your tool be sent to a web service you publish which would add a key to them based on a hash of the binary. Probably you're best to follow your current plan. Yes it could be posted on the web but that is just a chance you're going to have to take. It is best not to treat your customers as criminals. Keep track of the keys you sell and if you find one online that you sold revoke their license.

stimms
+1 for "It is best not to treat your customers as criminals.", but then you go back and want to revoke licenses. How do you know they leaked it? Maybe someone bought their program from them and got it that way? (Can I eliminate all my competition now? :P)
Roger Pate
Having the key in a plist and no web service call is the most convenient. Would I just need to keep an array list of all keys ever sold in each library update? I agree with R. Pate on not knowing if the customer actually posted it. No way to prove that and the PR would be horrible. So, just have to take the chance and go with the measly plist solution since there doesn't seem to be anything feasible.
4thSpace
A: 

Well, I wouldn't bother trying to sell a copy-protected library to other developers. Since we're talking about iPhone apps, if you suspect that someone's using your code without authorization, and you can prove it, you can send Apple a DMCA takedown notice and get it pulled off the store.

NSResponder
How would you know some app in the app store is using the library without authorization? Unless you have an account of every app your customers are selling that use the library, you can't really know.
4thSpace
+4 A: 

Build a strong fast key-generator algorithm and partly base it on the purchaser's bundle identifier. When someone purchases the library, they give you the bundle identifier and you give them a key to embed. At runtime, read the bundle identifier and the embedded key, run it through the algorithm and see if it matches.

This is a little better because someone is less likely to use a bundle identifier if it comes from someone else — they would have to set up multiple certificates, developer profiles etc. Also, a legal purchaser would probably not reuse the library illegally between different apps of his/her own.

coneybeare
Awesome. By fast key-generator, you mean something that is somewhat cryptic and uses the bundle identifier to build its key?
4thSpace
Yes. You need to obfuscate it too just in case somebody clever tries to reverse engineer the binary. But that might be overkill depending on what your static library is.
coneybeare
I may also include the app name in this scheme. But what happens when someone wants to change their app name or for that matter, bundle identifier? It could become a maintenance issue for me unless I go the "jerk" route and charge for those changes.
4thSpace
Bundle identifier cannot be changed.
coneybeare
Would you say it is better for me to produce my own mangled strong key rather than use SHA-256, for example? This avoids the encryption hassle in iTunes Connect.
4thSpace
Maybe I missed something, but since the headers have to be included with the library, people can step into your code and into the algorithm that is generating the strong key, which makes the strong key useless. Is there some other way to do it?
4thSpace
People can't step into the code with the header; they can only see what methods you use.
coneybeare
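The bundle-identifier scheme from the answer above, written out as an added example (not coneybeare's code, and in Python rather than Objective-C so it runs anywhere). It assumes the key is an HMAC-SHA256 of the bundle identifier under a vendor secret and that the purchaser embeds it in Info.plist under a hypothetical `VendorLicenseKey` entry; the library reads `CFBundleIdentifier` and that entry at launch.

```python
import hmac
import hashlib
import plistlib

# Constructed secret for the demo. It is needed on both sides, so in a real
# library it is compiled into the binary, which is the exposure 4thSpace asks
# about in the comments: a symmetric scheme only raises the effort of reversing.
VENDOR_SECRET = b"constructed-vendor-secret-do-not-ship"


def issue_key(bundle_id: str, secret: bytes = VENDOR_SECRET) -> str:
    """Vendor side: derive the license key from the purchaser's bundle identifier."""
    mac = hmac.new(secret, bundle_id.encode("utf-8"), hashlib.sha256).digest()
    return mac[:16].hex().upper()  # 32 hex chars; binds the key to this bundle id


def validate(bundle_id: str, embedded_key: str, secret: bytes = VENDOR_SECRET) -> bool:
    """Library side: recompute from the running app's bundle identifier and compare
    in constant time so the comparison itself does not leak the expected key."""
    expected = issue_key(bundle_id, secret)
    return hmac.compare_digest(expected, embedded_key.strip().upper())


def check_info_plist(plist_bytes: bytes, secret: bytes = VENDOR_SECRET) -> bool:
    """What the static library would do at launch: read CFBundleIdentifier and the
    embedded key from Info.plist and run the check. A missing value is rejected."""
    info = plistlib.loads(plist_bytes)
    bundle_id = info.get("CFBundleIdentifier", "")
    key = info.get("VendorLicenseKey", "")
    if not bundle_id or not key:
        return False
    return validate(bundle_id, key, secret)


def make_plist(bundle_id: str, key: str) -> bytes:
    """Constructed Info.plist standing in for the purchaser's app bundle."""
    return plistlib.dumps({"CFBundleIdentifier": bundle_id, "VendorLicenseKey": key})


if __name__ == "__main__":
    key = issue_key("com.example.buyerapp")
    print(check_info_plist(make_plist("com.example.buyerapp", key)))  # True
    # Same key copied into another app: fails, because it was derived from
    # a different bundle identifier.
    print(check_info_plist(make_plist("com.other.copycat", key)))  # False
```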
A: 

Try it this way: you ask the developer to give you the application name of the app that will use your library. Send the library with the encrypted app name and your internal license code.

Your library will check the app name and license at random times; then put a check in your library that accesses a site on the Internet to validate the pair. If there's no match, your library asks the application to quit.

Mauro Delrio
I want to avoid the scenario where it checks the Internet. I believe coneybeare's suggestion is the best one.
4thSpace