Purchase Exploit via Patchers

I’ve just seen how easy it is for anyone to download a patcher that injects code into an apk file to make purchases free.   

Are there any defenses to guard against this?

Thanks, Greg

It is very easy (on a rooted device) and there is not really a lot you can do about it.

But then again those people would never purchase anything anyway.

Well I’m surprised that no one is paying attention to this as it affects almost all apps released on Google.  But hey if you’re happy giving away sales then so be it.

Well I’m surprised that no one is paying attention to this 

‘No one’ as in Google? ‘No one’ as in Corona Labs?  ‘No one’ as in developers?  That’s kind of broad brush to paint with.

If you try to do too much encryption & protection, you are just going to garner the attention of those .apk mod groups and one of those modders will want to be ‘the guy who broke your super well protected game.’ to garner attention from his peers and the whole hacker/mod scene.

Getting attention from those groups is like hitting the hornets nest with a stick. You might stop a few… but… yeah. 

If your game is good, people who do those purchases and know about it, will pay into it. Period. 

Piracy has been a ‘problem’(much easier to accept it as ‘reality’) since old tape drives on TRS-80s, Atari-400s and Vic20s.

When I released my game, within 2 hours a ‘free’ apk version was available. That didn’t stop me from contacting App press sites, telling people about my game, generating buzz and continuing a non-stop, ground effort, grassroots campaign to let people know about my product and to thank and promote the words of those who did praise it.

Now this next part goes against the entire ethos that has become Corona and App making in general, But what I do to ‘protect’ myself is release Pay2Play along with a network I built to support the guerrilla marketing and word of mouth of said product. A lot of people did this in the beginning. But the Free2Play market emerged and quickly everyone abandoned the Pay2Play method.

However as time has gone on and large companies took control and monopolized the Advertising methods, along with almost every developer jumping into this Free2Play frenzy market… The Free2Play markets are now the over saturated and are the thin earning markets for independent and sole/tiny developers. I mean they were thin earning to start, the only thing going for it was the novelty of free. But now you get these large studios and corporations dumping VC money into Ad Click positions and ‘buying users’… I just can’t see the finances, fun or sanity to compete against that. But people do it, and some are successful. (Plus the good folks at Appodeal & Corona are fighting for you on that front!)

And of course Pay2Play can flop. However I would much rather earn a few hundred to thousand bucks selling to friends, family, and those interested in my app from my marketing efforts rather than releasing for free and trying to get a quarter of a million free downloads to earn the same amount from Ads and IAP. (Note: You also get better reviews and a community around your game when you don’t invite the entire world for free to your house party (Pay wall prevents that), people that buy into pay2Play usually followed the game and have a mental vested interest, vs. some kid who thought it was supposed to be console quality and doesn’t understand you are not a AAA studio… he is most likely to be someone who delivers a 1 star review…)

But to each his own. Piracy will not go away and it is a waste of time to focus on those efforts when so many people still pay for good games (pay2play or Free2Play) with lots of attention. Those last two, good game/attention , are the most important aspects to focus on imo.

Good luck! 
 

There is no giving away of sales for something that costs nothing - i.e. in game currency.  The script kiddies that use lucky patcher do so because they have no credit card so would not pay anyway.

@LL nailed it… make a great game with great content and legitimate players will contribute!

Just don’t worry about pond scum

No one as in Google, no one as in Corona and so far no one as in Developers.  There is a solution that gets you 80% of the way there but knowing that the injection tool takes control of the google store API and returns purchases as true, when they are forged transactions is quite the elephant in the closet and it means that you are not protected at all as a developer.  Sure good people buy good products, but that’s not the point here.   Hackers are and always will do what they do best.  But I’m not interested in giving away the keys to my products so a strategy to minimize the damage they can do makes sense.  Sure they can hack a bit, get some gold coins, that can act as a promo in a sense, but to let them get unlimited resources doesn’t make sense whether or not they would ever purchase anything.  That is my approach.  

Have any of you put any thought into this problem or do we just let it slide?

Personally, I would say don’t worry… a hacker is NOT a lost sale.

What I do is monitor my top IAPs.  It is rare a real customer stumps up $120 so 99.5% of the time they are fake purchases and I act accordingly.

A minor irritation at best
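
An added example, not code from any poster in this thread: a server-side triage that ignores the client's "purchase succeeded" result, grants items only for order ids the store itself reports as paid, and ranks accounts by the value of their unconfirmed claims, in the spirit of monitoring the top IAPs. The product ids, prices, order ids and the server-held set of store-confirmed orders are assumptions, and all sample data is constructed.

```python
# Constructed sample data: product ids, prices (in cents) and order ids are made up.
PRICE_CENTS = {"coins_small": 99, "coins_mega": 11999}

# Assumption: the server holds order ids the store itself reports as paid,
# e.g. loaded from a sales export, so it never relies on the client's result.
STORE_CONFIRMED = {"ORD-1001", "ORD-1002"}

CLIENT_CLAIMS = [
    {"player": "p1", "product": "coins_small", "order_id": "ORD-1001"},
    {"player": "p2", "product": "coins_mega", "order_id": "ORD-1002"},
    {"player": "p3", "product": "coins_mega", "order_id": "ORD-9999"},  # unknown id
    {"player": "p3", "product": "coins_mega", "order_id": ""},          # no id at all
    {"player": "p4", "product": "coins_small", "order_id": "ORD-1001"}, # replayed id
]


def triage(claims, confirmed, prices):
    """Return one (player, product, verdict, reason) tuple per client claim."""
    redeemed, results = set(), []
    for c in claims:
        oid = c["order_id"]
        if c["product"] not in prices:
            verdict, reason = "reject", "unknown product"
        elif oid not in confirmed:
            verdict, reason = "reject", "no matching store order"
        elif oid in redeemed:
            verdict, reason = "reject", "order id already redeemed"
        else:
            verdict, reason = "grant", "confirmed by store"
            redeemed.add(oid)  # each paid order unlocks content exactly once
        results.append((c["player"], c["product"], verdict, reason))
    return results


def flag_accounts(results, prices, threshold_cents=10000):
    """Sum the list price of rejected claims per player; return the heavy ones."""
    totals = {}
    for player, product, verdict, _ in results:
        if verdict == "reject":
            totals[player] = totals.get(player, 0) + prices.get(product, 0)
    flagged = [(p, v) for p, v in totals.items() if v >= threshold_cents]
    return sorted(flagged, key=lambda item: item[1], reverse=True)


if __name__ == "__main__":
    outcome = triage(CLIENT_CLAIMS, STORE_CONFIRMED, PRICE_CENTS)
    for row in outcome:
        print(row)
    print("flagged:", flag_accounts(outcome, PRICE_CENTS))
```
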
