ansaurus

Question

Detect if app was downloaded from Android Market

Answer 1

A:

You could default your configuration to the production environment and use a custom Instrumentation that sets the configuration to testing environment. Intrumentation should be removed before publishing to the android market.

Josef 2009-06-12 16:04:09

Answer 2

+2 A:

From what I can tell there is nothing that the Market Application does to "flag" an application to say that it was downloaded from the market.

I have seen this issue approached in a different manner by another Android library. The AdMob Android SDK is free to download and use as described on their wiki. This library serves ads, so they have the same desire to be able to determine if the application that is currently running is being tested by the developer or if it is being used "in the wild". Their approach was to require that the developer set a "testing" attribute in the XML or to call their libraries "setTesting(boolean)" function to let the library know which ads to serve. This is obviously more of a manual approach that relies on the developer to change one line of code or XML before publishing.

snctln 2009-06-13 03:48:45

Yeah, that's one approach .. the problem is that it's hard to remember to change it back when you publish :) I was looking for a way that would be automatic. Oh well.

sehugg 2009-06-13 04:09:10

Answer 3

A:

Perhaps you could add a setting to your app for "developer mode".

Another possibility, have it look for a special file or configuration file on the SD card, and key off of that.

davenpcj 2009-06-13 13:24:43

Answer 4

+11 A:

Yes, you could use the signature for that. If you use a debug key to sign your app during development and a release key when uploading your app to the market you can check for the signature that the app was signed with and based on that use test or production server. Here is a small code piece to read the signature of your app:

    try {
        PackageManager manager = context.getPackageManager(); 
        PackageInfo appInfo = manager.getPackageInfo(
            YOUR_PACKAGE_NAME, PackageManager.GET_SIGNATURES);

        // Now test if the first signature equals your debug key.
        boolean shouldUseTestServer = 
            appInfo.signatures[0].toCharsString().equals(YOUR_DEBUG_KEY);

    } catch (NameNotFoundException e) {
        // Expected exception that occurs if the package is not present.
    }

YOUR_PACKAGE_NAME must be something like 'com.wsl.CardioTrainer'. It must be the package name you used in your AndroidManifest.xml. Good Luck

mark

maximon 2009-06-13 17:33:58

Is it a good idea to hard code YOUR_RELEASE_KEY?Will reverse engineering reveal this?

Thushan 2009-07-16 19:07:20

That might solve the problem but i would definitely NOT put my full private key into my code if i was you.Maybe you could get away with just using a 20 char subset of the key or something?

Declan Shanaghy 2009-11-06 18:59:46

I think using some kind of hash on your key and hard coding that in, then hashing the key stored in the package info, then checking that would stop anyone from seeing the real key if it was reverse engineered.

Austyn Mahoney 2010-01-09 00:22:31

Wouldn't you get around the security exposure if you tested for the debug key rather than the release key?

Rob Kent 2010-03-01 11:03:05

Answer 5

A:

Create another application that doesn't do anything, then test for the presence of that to indicate a debug build? Install app on development phones.

OJW 2010-10-07 17:13:33

ansaurus

tags:

views:

answers:

Detect if app was downloaded from Android Market

related questions