protecting adobe air apps

views:

1142

answers:

+4 Q:

protecting adobe air apps

Hi, I am about to deliver an Adobe AIR app to a customer. But it's my first delivery of any sort, i.e. I have no experience whatsoever with licensing etc.

Users of this app may or may not be online, so can't count on that. In fact it's 99% sure that they will be offline.

Nor do I expect them to very tech-savvy, who will spend enough time scouting for ways to "crack" it.

So, is there an okeish type of way to protect this app. That is, I don't want people to simply copy the installation folder, take it to another machine and run it. It should be slightly harder than this.

Oh, and I am also using PHP and MySql, with which this AIR app communicates. So anything you guys could help me with is very very welcome.

You can not protect anything that's webbased or javascript based, purely because there is complete sourcecode.

Anyone who knows how to use 'right click' could copy your files. You can obfuscate your code, but you cannot protect it. If you think that this shouldn't be possible, write a desktop app in a 'real' programming language.

SchizoDuckie 2009-01-18 14:34:10

+5 A:

protect the php api and not the frontend app. have a license key which is bound to an ip address and authenticate the request (which contains the key) is coming from the correct ip.

mike 2009-01-20 20:12:20

IP addresses change frequently. I wouldn't say this is a sound approach and is likely to piss off lots of paying customers.

cliff.meyers 2009-01-25 07:27:56

Binding accounts to an IP address is probably a bad idea, but the idea of protecting the API and not the frontend is the correct way to go about this I think. The API and access to it is completely under your control. The front end app never will be.

Bob Somers 2009-01-25 07:51:20

If you want to protect your Flex app you can use irrObfuscator. There is a 30 days free demo.

If you wish to obfuscate your PHP code I would suggest ioncube. There is an online obfuscator that you can pay per à-la-carte. Pretty usefull. Tho you need ioncube loaders which is a set of PHP extension that you will find into the products section. Not sure but I think you can install loaders without playing with PHP config so it's shared-hosting friendly.

Erick 2009-01-25 07:02:02

+1 A:

When the app installs, I would do the following:

Create a file in "app-storage" that basically indicates the app has been installed.
Fire off a service call and make a record of the install
Change a file in the app directory to indicate the app has been installed

On subsequent startups, check for the presence of the file as long as the file in the app directory indicates the app has been installed. If you see the customer keeps installing their app over and over, this could be flagged in their account and appropriate action taken. If you want to get fancy, the file in "app-storage" could a one-way hash of some information from the file in the app directory (install date?) plus some value baked into the AIR application.

In general, I think the key here is to trust your users and not make the assumption they are trying to steal. You want to make the system as painless as possible. It does not build a good relationship with customers when you treat them like criminals, so creating an "ironclad" approach probably isn't even the best idea.

cliff.meyers 2009-01-25 07:35:27

I think pretty much the only good way to do this is to require activation after installing (online activation, with a phone backup).

From what you're saying, it seems like the backend is installed on-site and would not be able to provide adequate copy protection.

Jarin Udom 2009-02-07 13:29:54

+2 A:

I am looking for the same thing -- I just ran across Sharify (http://www.sharify.it/) which is an interesting solution.

2009-08-05 06:03:41

ansaurus

tags:

views:

answers:

protecting adobe air apps

related questions