Protect our Work in Kickstarter

Hello, my company would like to start up a Kickstarter page for our app soon. We would like to offer some type of “Beta Testing” of our app to our backers, I am concerned about them backwards converting our .apk or something to steal our work. I have tried to figure out how to backwards convert .apk and its pretty easy enough to get access to our assets.

My question is, how do we allow people to “Beta Test” our game giving them an executable for our app going through Kickstarter rewards while also protecting all of our work?

Thanks for your time.

Well, it is difficult to protect assets completely.

I’m guessing your assets are games, sound, music and so on. One possible way round your problem (which will happen when you release it as well I think) is to replace them with equivalent but not as good looking / sounding assets, and tell your beta testers that the graphics aren’t the final ones. 

Yes assets would be code/music/artwork etc, even bringing down artwork/features doesn’t really help our kickstarter or even giving them small demo’s when we want to show them a lot/everything. Even a small demo is enough code/assets to pull all the important stuff even if I did get rid of most important features. Is there a way to put a lock on the .apk and only make it an executable to the phone but not readable format for anything else? I think the code is what we are most concerned about, artwork etc we have copyrighted.

I think it’s non trivial to reverse engineer the compiled lua, better ask Corona themselves though.

Corona labs any quick input on this please? Very important on the direction my company takes.

Here’s the reality of it, yes people can reverse engineer your apps.  It’s just a .apk which is a zip file.  The Lua code is compiled into byte code at that point, so its someone obfuscated.  But your assets are sitting there for the taking.

This isn’t much of a Corona issue as its what .apk files are and how Android works.  There is talk that there are things can be done to encrypt the data, (though I don’t believe we support it and I don’t know much about it.)

When you distributed your app through Google Play and the app is signed with your release key, the OS has an encrypted APK file that’s harder to crack.  The user would have to both have a rooted device and some pretty good skills to bust your code.  But most common ways of giving out APK files for testing involve people sideloading them and that generally means they can download the APK to their computer and unpack it.

Rob

Azmar, I helped you on the forums a bit iirc. I would love to try your game man!

When your ready of course

Just a note, I grabbed some commercial games from iTunes, unzipped the ipa file and then looked in the contents. In almost *all* of them I could see/hear the audio files, movies, sprite sheets, etc. 

Basically, I think worrying about people ripping off your assets is mostly a waste of time. There’s no way to stop someone who’s motivated, and the curious who look at your assets don’t hurt anything. 

Just make your game.

 Jay

Jay and Rob are right on the mark, I think. Piracy, especially on Android is a huge issue but there’s not a lot you can do. 

You say your sounds, music, graphics are copyrighted, so is your code. It still is, I think if it is a derivative work, e.g. they reverse engineer the code from the compiled lua.

TBH unless your game is really really complex and has really unusual algorithms and models - a Sim City sort of thing, it would be quicker to rewrite it.

If your game is not popular, it doesn’t really matter. If it takes off, as you hope, then if there is an obvious copy then one of your users will probably spot that the other game is a real rip off (as opposed to a similar but not the same …)

The other thing worth considering is protecting against code change in a little way. If your code has the text strings “AzmarGame” and “© Azmar 2014” and so on, then a lazy rip off merchant may edit these so they say “FredsGame” and so on, and (say) recolour the graphics and release it. This is much easier than reverse engineering the whole thing or rewriting it and rip off merchants are usually lazy.

I just tried compiling a = “Hello, world” using luac and it comes clearly visible in the code (might be checksummed, I don’t know, and Corona may protect it as well).

One way of protecting against this lazy form of copying (you won’t stop someone who is absolutely determined) is to add up all the byte codes of the string and fail accordingly, or just be slightly awkward. This won’t stop the dedicated cheat, but it might help a bit.

Thanks for the help guys, we will come to a conclusion with the gathered info here and try to figure something out! And gremlin you will be the top of my list for testing

Well, it is difficult to protect assets completely.

I’m guessing your assets are games, sound, music and so on. One possible way round your problem (which will happen when you release it as well I think) is to replace them with equivalent but not as good looking / sounding assets, and tell your beta testers that the graphics aren’t the final ones. 

Yes assets would be code/music/artwork etc, even bringing down artwork/features doesn’t really help our kickstarter or even giving them small demo’s when we want to show them a lot/everything. Even a small demo is enough code/assets to pull all the important stuff even if I did get rid of most important features. Is there a way to put a lock on the .apk and only make it an executable to the phone but not readable format for anything else? I think the code is what we are most concerned about, artwork etc we have copyrighted.

I think it’s non trivial to reverse engineer the compiled lua, better ask Corona themselves though.

Corona labs any quick input on this please? Very important on the direction my company takes.

Here’s the reality of it, yes people can reverse engineer your apps.  It’s just a .apk which is a zip file.  The Lua code is compiled into byte code at that point, so its someone obfuscated.  But your assets are sitting there for the taking.

This isn’t much of a Corona issue as its what .apk files are and how Android works.  There is talk that there are things can be done to encrypt the data, (though I don’t believe we support it and I don’t know much about it.)

When you distributed your app through Google Play and the app is signed with your release key, the OS has an encrypted APK file that’s harder to crack.  The user would have to both have a rooted device and some pretty good skills to bust your code.  But most common ways of giving out APK files for testing involve people sideloading them and that generally means they can download the APK to their computer and unpack it.

Rob

Azmar, I helped you on the forums a bit iirc. I would love to try your game man!

When your ready of course

Just a note, I grabbed some commercial games from iTunes, unzipped the ipa file and then looked in the contents. In almost *all* of them I could see/hear the audio files, movies, sprite sheets, etc. 

Basically, I think worrying about people ripping off your assets is mostly a waste of time. There’s no way to stop someone who’s motivated, and the curious who look at your assets don’t hurt anything. 

Just make your game.

 Jay

Jay and Rob are right on the mark, I think. Piracy, especially on Android is a huge issue but there’s not a lot you can do. 

You say your sounds, music, graphics are copyrighted, so is your code. It still is, I think if it is a derivative work, e.g. they reverse engineer the code from the compiled lua.

TBH unless your game is really really complex and has really unusual algorithms and models - a Sim City sort of thing, it would be quicker to rewrite it.

If your game is not popular, it doesn’t really matter. If it takes off, as you hope, then if there is an obvious copy then one of your users will probably spot that the other game is a real rip off (as opposed to a similar but not the same …)

The other thing worth considering is protecting against code change in a little way. If your code has the text strings “AzmarGame” and “© Azmar 2014” and so on, then a lazy rip off merchant may edit these so they say “FredsGame” and so on, and (say) recolour the graphics and release it. This is much easier than reverse engineering the whole thing or rewriting it and rip off merchants are usually lazy.

I just tried compiling a = “Hello, world” using luac and it comes clearly visible in the code (might be checksummed, I don’t know, and Corona may protect it as well).

One way of protecting against this lazy form of copying (you won’t stop someone who is absolutely determined) is to add up all the byte codes of the string and fail accordingly, or just be slightly awkward. This won’t stop the dedicated cheat, but it might help a bit.

Thanks for the help guys, we will come to a conclusion with the gathered info here and try to figure something out! And gremlin you will be the top of my list for testing