APK Hacked

So our kids game has only been on Google store one week and already it's been hacked and appearing on a website, where the site owners even have my game's images on there with THEIR copyright over it. Should we/can we do anything about it? What do others do? Feeling like never realising on Android again.

Thanks.

 

I hope I'm not the only one who knows that EVERY APK WITHOUT GOOD DRM GETS CRACKED.

You can go after them, if you like ****ing in the hurricane.

 

Even "good" DRM gets hacked.

 

Yep, they do. And given that we do kids games (hard to get ratings/education support with things like IAPs/ADS etc), we're left with little option but to potentially ditch android for good.

 

It can't be very good then

 

Care to share your solution then?

 

Make it so that App checks identiy of the person using it (gmail address, which they need to be on play store and to download your app anyway).
Have a database that contain only the identites of users that bought your app (or just downloaded it from paly store, if it's free).
Have every string and possibly even app functionalities encrypted. Have application request a key every time user wants to use it. Maybe send differents encrypted strings and functionalities to every user, so every user has own decryption key? Or update the app with new strings and encryption code daily/weekly. Have your code re-obfuscated with every update (if unity even suports this.)

But what do I know? I'm just a paranoid tinfoil hat.

 

This is problematic for kids games (under 13) ratings law in places like California though, so....

 

What law? Some kind of identity protection law? You do realize you need identity to use mail applications, right? You're not asking for blood samples FFS.

 

https://en.wikipedia.org/wiki/Children's_Online_Privacy_Protection_Act

 

So include "we'll hold on to your email for DRM purposes".
Read "compliance" section.

That's the price you pay for being near other people's kids.

 

I've heard Google Play is tricky in this sense. App Store is safer.

Not sure if it's a fight you can win. You could use your time and resources to implement some sort of validation.
Also you could update your app regularly. So pirates never have the latest version, and if they do, not for long and they know they're missing nice automatic updates. If that's not incentive enough to spend a few bucks, well ... probably wasn't going to buy either way. Kids hurting for a few bucks out there ... pirating as much as they can, corsairs of the web.

 

Video game idea leaked.

 

CPS and COPA is a serious issue. You can't ask kids under 13 for any personal details. That even includes doing stuff like tracking the device ID.

It's crazy enough that the common legal advice here is simply don't allow you game to be played by under 13 year olds in the US.

 

People seeing value and work you put in it will buy it, while other people that does not care will try to find a cracked version.
How is selling your app ? Is it doing great ?
Even on Steam it can be hacked, but perhaps you'll do more sales and you'll be able to propose it at a higher price.

 

So another example of putting children in bubblewrap. Welp. Good luck OP.

 

@SaltwaterAssembly Maybe a good compromise is doing a lite version of what @Marfab suggested. Each time you update the app, a new token is set that's required for the API calls. Your server will check to see if the token is the current one, and if not, directs you to update the app. Pirated users won't be able to update without getting the version from the store.

Of course, the issue here is that all users must be on the latest version as soon as it's released, which will be problematic for people without constant Internet and even just annoying for people who don't have automatic updates on. That's the thing with DRM: it annoys legit users just as much as the ones you're trying to protect against half the time.

It's a call you have to make: is it worth it to recoup the sales you're losing? Do you even know what those numbers look like?

As far as what to do about the site you found, I'd at the very least file a DMCA notice to them in some form. Use the WHOIS lookup to see if you can find contact information if it's not private, or contact them through email or social media listed on their site. I believe that the threat of legal action is enough to make many people like this decide it's not worth the trouble (there are plenty of other apps they can steal that will go unnoticed by the original authors) that they may just take it down.

Good luck. Please let us know how it turns out for you!

 

I don't disagree with your general sentiment. In general I think the US government had no business determining what content my kids can access.

But I also don't want to tangle with the law. International commerce is hard enough as it is. Getting blacklisted for violating child protection laws isn't a good business move.

 

The android market is really piracy-ridden, and most users are not interested in paying for game apps, since there's so much free to play to pick between. If you want to make money of the market, free to play is pretty much the only viable option.

If the company is in a country where the government cares (ie. not China), you could have a lawyer send a cease-and-desist and see if that gets you anywhere.

 

Yeah, we have a strict compliance policy when it comes to kids apps. Our app is for the education sector and we want to genuinely do the right thing by parents/teachers/kids etc.......But it comes at a price for us - it's very limiting as far as security issues above and monetisation is concerned.

 

Yeah, don't want to go down this path (chasing down every cracked APK). Just venting the frustration!
Except for the copyrighting of our images - I am chasing that one down.

 

COPA has been struck down numerous times and is no longer enforced.

 

Thanks. Yeah, not sure what kind of detection we could do that doesn't upset the family rating requirements Any suggestions would be appreciated from anyone. Cheers.

EDIT: The idea of having free app and pay to unlock the content has been discussed, but again, not sure if that will break some rating requirements that won't allow IAPs. Beyond that, I'm all out of ideas right now

 

Interesting idea. Reminds me of the developers of Game Dev Tycoon, who released their own pirated version of the game on torrent sites. The pirated version had a flag set in it so that when you released games, they'd initially sell like normal, until your games became popular. Then your sales would drop immensely, and at some point, you'd get a message saying how you're not selling any games because of people pirating. Brilliant.

Hilarious, too, when people would ask on the forums how to not have people pirate your game.

 

I don't remember the stats exactly, but I know that the expected revenue for the same app on iOS is several times the expected revenue for Android, even with how much bigger the Android market is. Mostly has to do with iOS users having more money (they bough a phone that's essentially a fashion accessory, so of course they do), and iOS piracy being harder since Apple prevents you from using non-approved software..

Rumors from show floors says that there's piracy companies that essentially crawls the android market, downloads everything, auto-cracks it, and re-uploads it for a lower price. If they average two or three sales of the pirated version, they're in plus.

 

Well, that's not depressing! lololol

 

This thread makes me feel like I shouldn't even bother with Android for my current project.

 

Note that it's not that bad. The vast majority of the Android piracy has been from China. That has a very natural explanation: Paid apps are not available from the Play Store there. Add that to the fact that there's a lot of people in China [citation needed], you really understand why there's a huge market for pirated apps there.

100% of all computer games sold in Eastern Europe in the Soviet era were pirated. This is pretty much the same situation. I'd expect piracy numbers in the rest of the world to be closer to the pc market, but I don't exactly have those numbers. I'm not an expert either!

You can definitely make money on android. With Unity, there's also no reason to not ship to both Android and iOS. I've got some friends that made a game for both platforms - the time it took to port to android and ship on the play store was a fraction of the time they spent getting the game through the iOS store.

 

Well, I think it's OK (maybe - cause they can still cheat on it i imagine) if you have advertising or IAPs etc? We're just restricted because of the kids' market space.

 

Yeah, I guess even if the game is 100% pirated across the world, I'm making the same amount of money I would if I didn't release for the platform at all!

I'll die before I release a game with ads. IAP... maybe.

Although at the rate I'm currently going, I'll just die before I release any game.

 

Have the game ping back to your server on first install with the hashcode, if it matches activate the game, otherwise have a message telling them this is an illegal copy and to purchase the correct one and/or contact you for support.

 

Oh and WATERMARK your in game background images and release images. Watermaking in game images will make such thieves think twice.

 

That's a good idea - thanks.

 

Hm.....that's currently beyond our tech/programming knowledge. Will have to investigate this & check that it doesn't upset any of the ratings/teacher board approval-type people.

 

I don't think ads are that bad if used without interruption - I think a lot of people are used to them these days. Just not kids games *le sigh*

 

Just generate a hashtag off the main app assembly and send that to a custom php/asp/whatever on your website where you have a database or list of all version hashcodes for the assemblies. If it matches great set a switch in settings telling the game it is legit and run. if someone altered the assembly then that hashcode isn't going to match and won't be in your list so you then have it open the browser to your website where you have a page that says this product is pirated or something along those lines. Not to say they pirates can't go in and change this URL too so you will need to encrypt and obfuscate the hell out of it. But the simplest thing to do is add Watermarks, both visible and hidden. Also have you reported the pirated programs to the Android store? I'm not a developer for android so don't know but I would imagine they would have a system for reporting copyright violations and your program is copyrighted if it says so or not.

 

I see a lot of people saying to add this or that callback. Has anyone done this? Because to me if they are going to get your code and modify it. The none of those things will help.

They just change the test function to always return true.

I guess if they are just getting the apk and reposting it could help some.

The only way I can think of is to have enough of your game run on a server.
Where they would have to recode too much logic to make it work without it.
But just a simple ping to a server or some local encryption seems like there would be easy ways to bypass this.

I think the only real solution is to provide a good enough product that enough people will get it legally.
Because there will always be pirates. They just hopefully will be a small enough fraction it doesn't matter.

 

I hope my game gets hacked.

I know that sounds odd but I have reasons. I plan to release my first attempt on android. I don't expect alot of buzz about it when it happens. This isn't because I think its bad or because Im having a bad day, I'm just realistic. I wont be doing alot of advertising or pushing because I dont really have the time. I barely have time for this I just like doing it when im not at work. I know how the android market works to a small degree, at least enough to know I'm not getting rich from it. If it got hacked at least I would know someone tried it. It would feel good to see people using it.

 

there's law you may check on wiki

 

This thread is near 3 years old and the exact link you posted is already in here.

I should know, I'm the one who posted it.

 

I think, your link got hacked

 

Well, at least it's a friendly reminder that releasing games for children under 13 is a PITA.

My old Android game is based off an old math edutainment title, and since Google started cleaning house I never bothered to update it, even though it's my "biggest earner"*.

* ones and ones of cents more than my other titles!

 

Necro, closed.