问题描述

为了确保我的付费 android 应用程序是从商店合法安装的，我这样写:

To ensure that my paid android application was legally installed from store, I write this:

String installer = getPackageManager().getInstallerPackageName(
        "com.example.myapp");

if (installer == null) {
    // app was illegally downloaded from unknown source. 
    // dear user, please re-install it from market
} 
else {
    // app was probably installed legally
    // (also it's good to check actual installer name)
}

没事吧?从市场合法购买和安装的应用程序是否有可能获得空的安装程序包名称并通过此测试?

Is it ok? Is there a chance that application that is legally purchased and installed from market will get empty installer package name and fail this test?

我了解用户可以运行 adb -i com.fake.installer myapp.apk 并通过此检查，但如果 合法 用户会遇到潜在问题更为重要或不.

I understand that user can run adb -i com.fake.installer myapp.apk and pass this check, but it's more important if legal users will get potential problems or not.

推荐答案

你不应该使用 PackageManager#getInstallerPackageName 检查应用程序是从 Google Play 安装还是出于以下原因的许可目的:

You should not use PackageManager#getInstallerPackageName to check if the app was installed from Google Play or for licensing purposes for the following reasons:

1) 安装程序包名称将来可能会更改.例如，安装程序包名称使用 "com.google.android.feedback"(请参阅此处) 现在是 "com.android.vending".

1) The installer packagename can change in the future. For example, the installer package name use to be "com.google.android.feedback" (see here) and now it is "com.android.vending".

2) 出于盗版原因检查安装程序包名等同于使用 Base64 加密密码 - 这是一种不好的做法.

2) Checking the installer packagename for piracy reasons is equivalent to using Base64 to encrypt passwords — it's simply bad practice.

3) 合法购买该应用程序的用户可以旁加载 APK 或从另一个未设置正确安装程序包名称的备份应用程序中恢复它，并收到许可证检查错误.这很可能会导致差评.

3) Users who legally purchased the app can side-load the APK or restore it from another backup application which doesn't set the correct installer packagename and get a license check error. This will most likely lead to bad reviews.

4)就像你提到的，盗版者在安装APK时可以简单的设置安装包名.

4) Like you mentioned, pirates can simply set the installer packagename when installing the APK.

您应该使用 App Licensing 或切换到 应用内结算.

You should use App Licensing or switch to In-app Billing.

这篇关于是否可以通过检查 getInstallerPackageName 来检查安装付费 Android 应用的合法性?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持跟版网！