javiersantos / piracychecker Goto Github PK

This library is licensed under Apache v2. Under normal circumstances I would add this to the about section of my app and give attribution.
In this case it seems counterproductive to give a broad hint to the cracker? What is your advice in this case?

Please add latest package name for Lucky Patcher V6.8.6

OLD: com.android.vending.billing.InAppBillingService.CLON

LATEST: com.android.vending.billing.InAppBillingService.CRAC

Hi there, Thanks for the awesome library.
I am noticing a strange crash that can't even be caught. It happens when license check is enabled and the app has been launched for the very first time when installed from play store(doesn't happen if installed outside of play store). The crash never happens afterwards however.

You can find the logs here:
https://pastebin.com/NpN8DSvZ

Any help would be highly appreciated.

For some reason when using this library my app is reporting that the license isn't valid. I've implemented the play store check, the app is then downloaded from the play store and is returning that the app is invalid. Same with my signing key and if I use the license check. I'm not sure what I'm doing wrong.

• I have verified there are no duplicate active or recent bugs, questions, or requests.
• I have verified that I am using the latest version of PiracyChecker.
• I have given my issue a non-generic title.
• I have read over the documentation (before asking questions on how to do something).

Details

• PiracyChecker version: 1.1
• Device OS version: 7.0 - 8.0
• Device Manufacturer: All
• Device Name: Pixel 2 XL, OP5, S8, S7, S7E, S6

Builder

            piracyChecker = PiracyChecker(this)
            piracyChecker!!.enableGooglePlayLicensing(BASE_64_LICENSE_KEY)
            piracyChecker!!.enableSigningCertificate(APK_SIGNATURE_PRODUCTION)
            piracyChecker!!.enableInstallerId(InstallerID.GOOGLE_PLAY)
            piracyChecker!!.callback(object : PiracyCheckerCallback() {
                override fun allow() {
                    quitSelf()
                }

                override fun dontAllow(error: PiracyCheckerError, pirateApp: PirateApp?) {
                    finish()
                }
            })
            piracyChecker!!.start()

Reproduction Steps

1. Clear data of your app including the PiracyChecker lib
2. Relaunch the app to get it to reauthorize
3. It will fail

Expected Result

The piracy checker lib should green light.

Actual Result

The library will throw some generic response:

01-13 23:37:48.602 24417-24417/? I/LibraryChecker: Binding to licensing service.
01-13 23:37:48.641 24417-24417/? I/LibraryChecker: Calling checkLicense on service for projekt.sungstratum
01-13 23:37:48.641 24417-24417/? I/LibraryChecker: Start monitoring timeout.
01-13 23:37:48.908 24417-24433/? I/LibraryChecker: Received response.
01-13 23:37:48.908 24417-24433/? I/LibraryChecker: Clearing timeout.

and occassion

01-13 16:00:13.947 I/LibraryChecker(17981): Using cached license response

But since it is freshly wiped, there is no cached license response, so it will be negated and will tell me I "pirated" my own app.

More of a question than an issue... is it a vulnerability that the same SALT is used by all users of this library? If not, what exactly is the point of the SALT, if it doesn't matter that everyone is using the same? Would it make sense to be able to supply a custom SALT when setting up the checker?

You can also do something like in this post: https://forum.xda-developers.com/showpost.php?p=65125064&postcount=102

Then saving a key->value to the default shared preferences file making sure that even if the user has uninstalled LuckyPatcher that the app is still going to fail.

Caused by: java.lang.IllegalStateException: You need to use a Theme.AppCompat theme (or descendant) with this activity. at android.support.v7.app.AppCompatDelegateImplV7.createSubDecor(AppCompatDelegateImplV7.java:343) at android.support.v7.app.AppCompatDelegateImplV7.ensureSubDecor(AppCompatDelegateImplV7.java:312) at android.support.v7.app.AppCompatDelegateImplV7.setContentView(AppCompatDelegateImplV7.java:277) at android.support.v7.app.AppCompatDialog.setContentView(AppCompatDialog.java:80) at android.support.v7.app.AlertController.installContent(AlertController.java:214) at android.support.v7.app.AlertDialog.onCreate(AlertDialog.java:256) at android.app.Dialog.dispatchOnCreate(Dialog.java:578) at android.app.Dialog.show(Dialog.java:314) at com.github.javiersantos.piracychecker.PiracyChecker$1.dontAllow(PiracyChecker.java:78) at com.github.javiersantos.piracychecker.PiracyChecker.verify(PiracyChecker.java:86) at com.github.javiersantos.piracychecker.PiracyChecker.start(PiracyChecker.java:72)

-its Just a suggestion

Details

• PiracyChecker version: 1.2.4
• Device OS version: pie
• Device Manufacturer: Xiaomi
• Device Name: Mi 5s
  (tested on an other huawei device running android 8 I think)

Builder

        checker = new PiracyChecker(this)
                .saveResultToSharedPreferences(preferences.getSharedPrefs(), "valid_license")
                .enableUnauthorizedAppsCheck(true)
                .enableGooglePlayLicensing("PRIVATE");

        checker.start();

Reproduction Steps

1. install LuckyPatcher
2. Open the app running PrivacyChecker

    java.lang.IllegalArgumentException: Parameter specified as non-null is null: method kotlin.jvm.internal.Intrinsics.checkParameterIsNotNull, parameter savedInstanceState
        at com.github.javiersantos.piracychecker.PiracyCheckerDialog.onCreateDialog(Unknown Source:2)
        at android.app.DialogFragment.onGetLayoutInflater(DialogFragment.java:411)
        at android.app.Fragment.performGetLayoutInflater(Fragment.java:1339)
        at android.app.FragmentManagerImpl.moveToState(FragmentManager.java:1298)
        at android.app.FragmentManagerImpl.addAddedFragments(FragmentManager.java:2426)
        at android.app.FragmentManagerImpl.executeOpsTogether(FragmentManager.java:2205)
        at android.app.FragmentManagerImpl.removeRedundantOperationsAndExecute(FragmentManager.java:2161)
        at android.app.FragmentManagerImpl.execPendingActions(FragmentManager.java:2062)
        at android.app.FragmentManagerImpl$1.run(FragmentManager.java:738)
        at android.os.Handler.handleCallback(Handler.java:873)
        at android.os.Handler.dispatchMessage(Handler.java:99)
        at android.os.Looper.loop(Looper.java:193)
        at android.app.ActivityThread.main(ActivityThread.java:6669)
        at java.lang.reflect.Method.invoke(Native Method)
        at com.android.internal.os.RuntimeInit$MethodAndArgsCaller.run(RuntimeInit.java:493)
        at com.android.internal.os.ZygoteInit.main(ZygoteInit.java:858)

Could you add a way to check some licensing on external apps? For example looking if an app is installed with the play store, by giving up a package name.

Normally I would do

  if(!BuildConfig.DEBUG)
        {
            checkForPiracy();
        }

But disabling it for Debug build will render the .enableDebugCheck(true) useless.

• I have verified there are no duplicate active or recent bugs, questions, or requests.
• I have verified that I am using the latest version of PiracyChecker.
• I have read over the documentation (before asking questions on how to do something).
• I have given my issue a non-generic title.

Details

• PiracyChecker version: 1.1
• Device OS version: all
• Device Manufacturer: all
• Device Name: all

Reproduction Steps

I have Proguard and shrinkressource activate.

Intent intent = new Intent(MainMenu.this, LicenseActivity.class)
                .putExtra("content", msg)
                .putExtra("colorPrimary", ContextCompat.getColor(this,R.color.green_500))
                .putExtra("colorPrimaryDark", ContextCompat.getColor(this,R.color.green_700));
        MainMenu.this.startActivity(intent);
        MainMenu.this.finish();

Expected Result

Work

Actual Result

Caused by: android.content.res.Resources$NotFoundException: Resource ID #0xff4caf50
at android.content.res.ResourcesImpl.getValue(ResourcesImpl.java:190)
at android.content.res.Resources.getColor(Resources.java:922)
at android.content.Context.getColor(Context.java:508)
at android.support.v4.content.b.c(ContextCompat.java:411)
at com.github.javiersantos.piracychecker.activities.LicenseActivity.setActivityStyle(LicenseActivity.java:48)
at com.github.javiersantos.piracychecker.activities.LicenseActivity.onCreate(LicenseActivity.java:29)

Hi Javier. Thanks for your efforts. As much as we try to protect our apps other 3rd party tools keep finding new ways to fuck us up.

For example LuckyPatcher detects this string https://github.com/javiersantos/PiracyChecker/blob/master/library/src/main/java/com/google/android/vending/licensing/LicenseValidator.java#L105
and simply returns true.

My suggestion is simply change the methods name, move strings around, just make it a tad harder for automated programs to understand what's going on. Seems simple, but it'll bypass some of the automated scripts. And yes, it'll work even if the app is properly obfuscated etc.

As the title explicitly says, those callbacks shouldn't be posted on a background thread. You can either give it the option to be posted to a bg thread or simply post it on the main thread. It's slightly annoying when doing UI operations on a custom allow()/dontAllow() and then getting exceptions warning about "Only the original thread that created a view hierarchy can touch its views." and then having to wrap everything inside a main looper. At least give them the @workerthread annotation so that we know what kind of thread they're being posted on.

Actually I am a cordova developer and I have tried many cordova plugins but no use, so I have decided to implement this license check process in java code, I tried many pugins but nothing was run successfully. But finally I found your plugin, really it is awsome, it was run successfully without any errors.
And I have two questions

1. I have .jks file and how can I get the signing certification from that?
2. enableGooglePlayLicensing does not call the call back functions.

How?

new PiracyChecker(this).callback(new PiracyCheckerCallback() {
            @Override
            public void allow() {
                new AlertDialog.Builder(MainActivity.this)
                        .setTitle("License Check")
                        .setMessage("License is Valid")
                        .show();
            }

            @Override
            public void dontAllow(PiracyCheckerError error) {
                new AlertDialog.Builder(MainActivity.this)
                        .setTitle("License Check")
                        .setMessage("Not Valid License")
                        .show();
            }
        })
                .enableGooglePlayLicensing("my 64 BIT KEY")
                .start();

But this code does not trigger any one of the call back method.

Please tried to reply soon as possible.
Thanks Advance.

Hello, Can anybody suggest how to get APK signature for the PRODUCTION?

Please add latest package name for Lucky Patcher

OLD: com.android.vending.billing.InAppBillingService.LUCK

LATEST: com.android.vending.billing.InAppBillingService.CLON

Would be nice to be able to customize or even supply a custom layout xml altogether. I would submit a PR but I'm really short on time.

Thanks :)

I'm trying to show a dialog to the user when he attempts to make an IAP and on that dialog I'm showing an uninstall button to start uninstaller activity.
The problem is that the pirateApp.getPack() returns an Array instead of package string.
So currently I'm using
Arrays.toString(pirateApp.getPack()).replace(",", "").replace(" ", "").replace("[", "").replace("]", "") to get the package string.
Can you please return clean string?

In my app, I used a similar method to check the app that installed my app, the allowed packages were:

"com.google.android.feedback"
"com.android.vending"

Any of these 2 options mean app was installed from Play Store

"com.amazon.venezia"

This the package for Amazon App Store.

I would do a Pull Request, but I wouldn't like to do it just for these minor things.

Hope they can be added soon, so I can start implementing this awesome library.

Thank you Javier. Keep up the good work.

Details

• PiracyChecker version: 1.x.x
• Device OS version: 6.0.1
• Device Manufacturer: Asus
• Device Name: ZenFone 2

Reproduction Steps

1. Implement check for enableUnauthorizedApps without saving result in shared preferences
2. Launch app with lucky patcher installed --> Detected
3. Uninstall lucky patcher and launch app --> Detected

I haven't enabled result saving in shared preferences and that unauthorized apps is the only method I am calling after initializing PiracyChecker. I want to let the user use the app after uninstalling lucky patcher.

More info:
I have a rooted device with Xposed installed.
I have got a lot of feedbacks from my users saying they don't have lucky patcher but the app says they have it.
After uninstalling lucky patcher I tried to reinstall my app but it still says lucky patcher is installed.

Expected Result

Let the user use the app after uninstalling lucky patcher.

Actual Result

Detecting lucky patcher even if not installed.

• I have verified there are no duplicate active or recent bugs, questions, or requests.
• I have verified that I am using the latest version of PiracyChecker.
• I have given my issue a non-generic title.
• I have read over the documentation (before asking questions on how to do something).

Details

• PiracyChecker version: 1.1
• Device OS version: 7.1.2
• Device Manufacturer: Huawei
• Device Name: Nexus 6P

Reproduction Steps

1. Open the app
2. Rotate the activity

Expected Result

Activity's instance shouldn't be retained & duplicated.

Actual Result

Activity's context leak.

Maybe put it inside a WeakReference, that way it'll be garbage collected if the activity isn't valid anymore. You can use LeakCanary to double check on actvity leaks.

A couple testers have tried the license check in Samsung S7 devices and the license check says they are emulators even when of course they are not.

Is posible use this library for add in apps , similar system of "trial version 30 days"

• I have verified there are no duplicate active or recent bugs, questions, or requests.
• I have verified that I am using the latest version of PiracyChecker.
• I have given my issue a non-generic title.
• I have read over the documentation (before asking questions on how to do something).

Details

• PiracyChecker version: 1.2.3

I know it's always hard to "kill your darlings", especially when I see that probably a lot of work went into the Base64.class. But because of {@link CharBase64} not working, I found on Robert Harder's site link http://iharder.sourceforge.net/base64/ that it is built-in since java 8, and android has android.util.Base64 class.

I'm no expert in this matter, thus my question :
are there disadvantages/pitfalls when replacing this with the standard library?

Edit : searching for Base64 in the entire project, I found that the android library version Base64.encodeToString is already used in LibraryUtils class.
So is there any reason, why not to use Base64.encode for byte-arrays in the classes AESObfuscator, LibraryChecker and LibraryValidator (see below) ?

I tried it on the library app, and the main PiracyCheckerTest ran to success, so it seems to be working fine.
(still have to test on Android play store with a real app later on)

That leads me to a secondary question : How to unzip or use apk in files SampleUnauthorizedApp.zip for the second test, UnauthorizedAppTest because it is locked with a password, and second part of this test fails ?

Changes I made :

1. AESObfuscator class
   method obfuscate
   change to : import android.util.Base64
   change Base64.encode(...) ->Base64.encode(... , Base64.DEFAULT)
   (or maybe better : Base64.URL_SAFE ?)
   method unobfuscate (NB: maybe change to unObfuscate for better camelCase ?)
   change Base64.decode(...) ->Base64.decode(... , Base64.DEFAULT)
   change catch (Base64DecoderException... to catch (IllegalArgumentException...

2. same goes for decodes in LibraryChecker and LibraryValidator classes

Should the README mention the need for the CHECK_LICENSE permission in the Manifest?

@javiersantos I want to clarify something
I have an Already paid App in Playstore. then I want to check user already paid in play store or not. can I achieve it using PiracyChecker?

• [v] I have verified there are no duplicate active or recent bugs, questions, or requests.
• [v] I have verified that I am using the latest version of PiracyChecker.
• [v] I have given my issue a non-generic title.
• [v] I have read over the documentation (before asking questions on how to do something).

Details

• PiracyChecker version: any
• Device OS version: any
• Device Manufacturer: any
• Device Name: any

Builder

https://github.com/substratum/template/blob/kt-n/app/src/main/kotlin/substratum/theme/template/SubstratumLauncher.kt
[line 64 to 100]

Reproduction Steps

1. Update play store to 10.7
2. Try to open app

Expected Result

License check doing its work letting the user in

Actual Result

License check won't check the license successfully, and the user will be blocked out.
Don't know if happens on any kind of apps, I am a substratum theme developer.

Good day sir. I am a graphic designer and i am interested in designing a logo for your good project. I will be doing it as a gift for free. I just need your permission first before I begin my design. Hoping for your positive feedback. Thanks

• [x ] I have verified there are no duplicate active or recent bugs, questions, or requests.
• [x ] I have verified that I am using the latest version of PiracyChecker.
• [ x] I have given my issue a non-generic title.
• [x ] I have read over the documentation (before asking questions on how to do something).

Details

• PiracyChecker version: 1.2.4
• Device OS version: 7.1.1
• Device Manufacturer: MIUI
• Device Name: REDMI NOTE 4

new PiracyChecker(this)
.enableGooglePlayLicensing("i_added_here_my_BASE_64_LICENSE_KEY")
.enableSigningCertificate("i_added_here_my_signin_key")
.display(Display.ACTIVITY)
.start();

i used signin key which shows in log
and base key from store

when i try app
it show only error that app is not sign try from valid source.
i uploaded as beta tester for app still same error. please help

is while debug app sign in key is different from app in beta tester and release apk?

Is there a sample App and a detailed behavior of what will happen when the conditions aren't met. The current documentation is inadequate.

What will be shown/happen per case bases?

Some gif or a youtube tutorial would go a long way.

Thanks!

Details

• PiracyChecker version: 1.2.3
• Device OS version: 7.0
• Device Manufacturer: LG LG-H870, HUAWEI RNE-L21, Samsung Galaxy S7, so far

Builder

                    mPiracyChecker = new PiracyChecker(this)
                        .saveResultToSharedPreferences(prefs, CHECK_RESULT)
                        .enableGooglePlayLicensing(key)
                        .enableSigningCertificate(AppKeyUtil.INSTANCE.getSigningSig())
                        .enableEmulatorCheck(false);
                    if (!BuildConfig.DEBUG) {
                        try {
                            mPiracyChecker.start();
                        } catch (final VerifyError e) {
                            Timber.e(e);
                        }
                    }

Reproduction Steps

I don't know the reproduction steps, I'm seeing the crash in crashlytics.

Expected Result

Too not crash

Actual Result

a Crash:

Fatal Exception: java.lang.IllegalStateException: Can not perform this action after onSaveInstanceState
       at android.app.FragmentManagerImpl.checkStateLoss(FragmentManager.java:1434)
       at android.app.FragmentManagerImpl.enqueueAction(FragmentManager.java:1452)
       at android.app.BackStackRecord.commitInternal(BackStackRecord.java:707)
       at android.app.BackStackRecord.commit(BackStackRecord.java:671)
       at android.app.DialogFragment.show(DialogFragment.java:231)
       at com.github.javiersantos.piracychecker.PiracyCheckerDialog.show(PiracyCheckerDialog.java:26)
       at com.github.javiersantos.piracychecker.PiracyChecker$1.dontAllow(PiracyChecker.java:279)
       at com.github.javiersantos.piracychecker.PiracyChecker.doExtraVerification(PiracyChecker.java:401)
       at com.github.javiersantos.piracychecker.PiracyChecker.access$000(PiracyChecker.java:34)
       at com.github.javiersantos.piracychecker.PiracyChecker$2.dontAllow(PiracyChecker.java:334)
       at com.github.javiersantos.licensing.LibraryChecker.handleServiceConnectionError(LibraryChecker.java:280)
       at com.github.javiersantos.licensing.LibraryChecker.access$100(LibraryChecker.java:60)
       at com.github.javiersantos.licensing.LibraryChecker$ResultListener$1.run(LibraryChecker.java:329)
       at android.os.Handler.handleCallback(Handler.java:751)
       at android.os.Handler.dispatchMessage(Handler.java:95)
       at android.os.Looper.loop(Looper.java:154)
       at android.os.HandlerThread.run(HandlerThread.java:61)

although the latest version of the lucky patcher has been added, it is not detected by the piracychecker

• [ x] I have verified there are no duplicate active or recent bugs, questions, or requests.
• [ x] I have verified that I am using the latest version of PiracyChecker.
• [ x] I have given my issue a non-generic title.
• [ x] I have read over the documentation (before asking questions on how to do something).

Details

• PiracyChecker version: 1.2.3
• Device OS version: emulator
• Device Manufacturer: N/A
• Device Name: Nexus 5

Reproduction Steps

As says UnauthorizedAppTest:
/**

• 2. Specific test cases for unauthorized apps. Requires to install an unauthorized app before running this tests.
     */

1. install apk for unauthorized app (i.e. Lucky patch 7.4.2)
2. Run test
3. Test fails with message "PiracyChecker FAILED : PiracyCheckError is not At least one pirate app has been detected and the app must be reinstalled when all unauthorized apps are uninstalled.."

Possible Solution :

  @Test
  public void verifyUnauthorizedApps_DONTALLOW() throws Throwable {
    final CountDownLatch signal = new CountDownLatch(1);
    uiThreadTestRule.runOnUiThread(new Runnable() {
      @Override
      public void run() {
        new PiracyChecker(InstrumentationRegistry.getTargetContext())
            .enableUnauthorizedAppsCheck(true)
            .blockIfUnauthorizedAppUninstalled("piracychecker_preferences", "app_unauthorized")
            .callback(new PiracyCheckerCallback() {
              @Override
              public void allow() {
                assertTrue("PiracyChecker FAILED: There is an unauthorized app installed.", false);
                signal.countDown();
              }

              @Override
              public void dontAllow(@NonNull PiracyCheckerError error, @Nullable PirateApp app) {
                if (error == PiracyCheckerError.PIRATE_APP_INSTALLED
                    || error == PiracyCheckerError.BLOCK_PIRATE_APP) {
...

so add || error == PiracyCheckerError.BLOCK_PIRATE_APP.

NB : same probably holds true for verifyUnauthorizedCustomApp_DONTALLOW test method, but that test doesn't fail.

First off, Thanks for PricaryChecker. Once I add PiracyChecker, I can't debug my app without wrapping the code with a if BuildConfig.DEBUG. But that gives hook for disabling PiracyChecker (some of crackers are looking things if'd off with BuildConfig.DEBUG). It would easy enough to make release and debug version, I think it just mean moving one class in src/release/java and copy of it that's stripped in src/debug/java. Then the gradle lines are changed to:
releaseCompile 'com.github.javiersantos:PiracyCheckerRelease:1.1'
debugCompile 'com.github.javiersantos:PiracyCheckerDebug:1.1'

No hook for anything to grab onto. The release build will always have it, the deubg will always be disabled.

I'm happy to make a PR for this if there's interest.

As requested by @osama1 on #40, it would be interesting to add a addCustomPackage("package") method for detecting unauthorized packages.

• I have verified there are no duplicate active or recent bugs, questions, or requests.
• I have verified that I am using the latest version of PiracyChecker.
• I have given my issue a non-generic title.
• I have read over the documentation (before asking questions on how to do something).

Details

• PiracyChecker version: 1.0.2
• Device OS version: 7.1.1
• Device Manufacturer: All
• Device Name: All

Information

So, when I enable the license check in my app, it causes a weird crash but it only happens the very first time I use the app.

All the logs say is:

channel 'cf4caaf pl.patrykgoworowski.cornieicons/jahirfiquitiva.iconshowcase.activities.ShowcaseActivity (server)' ~ Channel is unrecoverably broken and will be disposed!

and

RemoteException caught trying to send a callback msg for NetworkRequest [ LISTEN id=12, [ Capabilities: INTERNET&NOT_RESTRICTED&TRUSTED] ]

Can you please share some help about it? Thanks in advance.

Got it from lucky patchers website. It's version as 7.0.8 and ends with .COIN
Can you add it please?

Details

• PiracyChecker version: 1.2.3
• Device OS version: 8.0.0
• Device Manufacturer: Samsung
• Device Name: Note8 (greatlte)

My app with PiracyChecker installed works fine when:

• Installed by running from Android Studio
• Installed from signed apk
• Installed from derived Google Play apk (signed by Google)

It doesn't work though when installed directly from Google Play (only first launch)

How I use PiracyChecker:

auth = new PiracyChecker(this)
.display(Display.ACTIVITY)
.enableInstallerId(InstallerID.GOOGLE_PLAY)
.enableDebugCheck(true)
.enableEmulatorCheck(true)
.enableGooglePlayLicensing(key);
auth.start();

Error on Google Play Developer Console:

java.lang.RuntimeException:
at android.app.ActivityThread.performLaunchActivity (ActivityThread.java:2957)
at android.app.ActivityThread.handleLaunchActivity (ActivityThread.java:3032)
at android.app.ActivityThread.-wrap11 (Unknown Source)
at android.app.ActivityThread$H.handleMessage (ActivityThread.java:1696)
at android.os.Handler.dispatchMessage (Handler.java:105)
at android.os.Looper.loop (Looper.java:164)
at android.app.ActivityThread.main (ActivityThread.java:6940)
at java.lang.reflect.Method.invoke (Native Method)
at com.android.internal.os.Zygote$MethodAndArgsCaller.run (Zygote.java:327)
at com.android.internal.os.ZygoteInit.main (ZygoteInit.java:1374)
Caused by: java.lang.IllegalArgumentException:
at com.github.javiersantos.licensing.LibraryChecker.generatePublicKey (LibraryChecker.java:126)
at com.github.javiersantos.licensing.LibraryChecker. (LibraryChecker.java:98)
at com.github.javiersantos.piracychecker.PiracyChecker.verify (PiracyChecker.java:323)
at com.github.javiersantos.piracychecker.PiracyChecker.start (PiracyChecker.java:300)
at com.layoutxml.support.MainActivity.onCreate (MainActivity.java:45)
at android.app.Activity.performCreate (Activity.java:7174)
at android.app.Instrumentation.callActivityOnCreate (Instrumentation.java:1220)
at android.app.ActivityThread.performLaunchActivity (ActivityThread.java:2910)
Caused by: com.github.javiersantos.licensing.util.Base64DecoderException:
at com.github.javiersantos.licensing.util.Base64.decode (Base64.java:619)
at com.github.javiersantos.licensing.util.Base64.decode (Base64.java:526)
at com.github.javiersantos.licensing.util.Base64.decode (Base64.java:465)
at com.github.javiersantos.licensing.LibraryChecker.generatePublicKey (LibraryChecker.java:117)

Things to consider:

• App is Beta version on Google Play
• That it works when installed directly from apk
• That it crashes only on first launch (whether installed fresh, or updated)
• Key supplied to PiracyChecker is the same as used in in app purchases and works there

My app is really very lite - no dependencies that are not there by default and PiracyChecker, only shows some images and text, allows in app purchases, doesn't use internet connection etc.

Additional question:
If the hacker was to decompile the app and remove a couple of lines that launch PiracyChecker, wouldn't it allow signing with different signature, installing from apk etc?

• PiracyChecker version: 1.2.2 & '1.2.3'
• Device OS version: 8.0

Google report Policy Issue: Your app was rejected for violating our Device and Network Abuse policy and sections 4.8 and 4.9 of the Developer Distribution Agreement.

I'm not able to release my app with piracychecker, developer console reject any update if I not remove this Piracychecker, please fix this issue

Hi,
I just found out about this library a few days ago and it looked very promising, I really appreciate your effort to make other developers lives easier.

I tried implementing this library in a beta version of my app which I later released to the Play Store for beta testers, and it seems like I got several false positives from the library.

I made it so I get Firebase reports for when PiracyCheckerCallback returns dontAllow.
I also had Firebase log the installer app package name when sending the report.
After less than 30 minutes of the app being available to beta testers on Google Play I got already 2
reports for the following devices:

Manufacturer: Samsung
Model: SM-J111M
Board: Sc9830i
Android API: 22
Android OS: 5.1.1
Brand: Samsung
RAM: 919.67MB
Orientation: Portrait

Installed from: com.android.vending
Reason: This user is not using a licensed application from Google Play.

Manufacturer: Htc
Model: Nexus 9
Board: Flounder
Android API: 21
Android OS: 5.0.2
Brand: Google
RAM: 1.79GB
Orientation: Portrait

Probably an emulator for automatic crash reports (pre launch reports)
Reason: This user is not using a licensed application from Google Play.

The second one is a Google emulator so it might be a different story, but I'm almost certain that the first report is genuine, and is from a valid user.

This is the code I used:

String[] lines = new String(arr).split(System.getProperty("line.separator")); //Getting the first line of the file that contains the Google Play Licensing and Signing certificate codes 
            new PiracyChecker(context)
                    .enableGooglePlayLicensing(lines[0])
                    .enableSigningCertificate(lines[1])
                    .enableDebugCheck()
                    //.enableUnauthorizedAppsCheck()
                    .callback(new PiracyCheckerCallback() {
                        @Override
                        public void allow() {

                        }

                        @Override
                        public void dontAllow(@NonNull PiracyCheckerError piracyCheckerError, @Nullable PirateApp pirateApp) {
                            if (prefs.enabled)
                                prefs.setBool(Prefs.KEYS.ENABLED.toString(), Constants.disabled);
                            FirebaseCrash.log(piracyCheckerError.toString());
                            FirebaseCrash.log(context.getPackageManager().getInstallerPackageName(context.getPackageName()));
                            nullObject.toString(); // make the app crash
                        }
                    })
                    .display(Display.ACTIVITY)
                    .start();

I saw in the README that you recommend not running the PiracyCheck in multiple instances

When using Google Play Licensing your should call .destroy() in the onDestroy() method of your Activity to avoid multiple instances of the service running. Have a look to the Wiki for a sample Activity with .destroy().

But in the current version of the app it might still happen, because I also check for license verification error from a service that may run simultaneously with the activity. Could that really be the source of the issue?

As I mentioned above, this seems to work for the most part, with the exception of this one user, which I doubt had the time to update and crack the app in less than 30 minutes, especially with the app being installed from Google Play, as the Firebase report says.

Looking forward to your response, I will try to analyse it further and any other information I find

Edit:
I updated the app again, now I should get the license key used in the verification process through firebase, I just got another report:

Manufacturer: Meizu
Model: PRO 5
Board: Pro5
Android API: 22
Android OS: 5.1
Brand: Meizu
RAM: 3.63GB
Orientation: Portrait
App used to install com.android.vending
Error: This user is not using a licensed application from Google Play.

I compared the license key I received from the report with my license key from the Play Store and they match

Edit2:
OK, maybe I figured it out, previously I wasn't implementing the onError method, after implementing it I got many reports about it being triggered, is it possible that by default when an error occurs with the license verification, the dontAllow method is being called?

Any who this is the error message that I get:

OnErrorNot market managed error.

Will update as I get more information

Edit3:
Never mind, seems like it didn't solve the issue, for some reason Google pre launch report Nexus 9 manages to reproduce this issue every time

Manufacturer: Htc
Model: Nexus 9
Board: Flounder
Android API: 21
Android OS: 5.0.2
Brand: Google
RAM: 1.79GB
Orientation: Portrait

Edit3:
Ended up commenting out the .enableGooglePlayLicensing(lines[0]) line, for now I will rely on the app certificate verification

Not working on Moto and Xiaomi devices!

Details #1

• PiracyChecker version: 1.2.3
• Device OS version: 7.0.0
• Device Manufacturer: Moto
• Device Name: G4 Plus

Details #2

• PiracyChecker version: 1.2.3
• Device OS version: 7.1.1
• Device Manufacturer: Xiaomi
• Device Name: Note 5 Pro

Builder

private void verify() {
checker = new PiracyChecker(this)
.enableGooglePlayLicensing("MY_KEY")
checker.start();
}

######Result
Working on my Nexus 5 (7.1.1)

Actual Result

Not working on these 2 devices I've tested so far

Hi,
I'm trying to add this library through Gradle.build file:

dependencies {
compile 'com.github.javiersantos:PiracyChecker:0.0.2'
}

Syncing Gradle will result in dependency not found error

• I have verified there are no duplicate active or recent bugs, questions, or requests.
• I have verified that I am using the latest version of PiracyChecker.
• I have given my issue a non-generic title.
• I have read over the documentation (before asking questions on how to do something).

Details

• PiracyChecker version: 1.2.4
• Device OS version: Any
• Device Manufacturer: Any
• Device Name: Any

Builder

        piracyChecker {
            enableSigningCertificate("/**/")
            enableGooglePlayLicensing("/**/")

            callback {
                doNotAllow { error, _ ->
                    sendResult(false, "PiracyChecker doNotAllow: $error")
                }

                onError {
                    sendResult(false, "PiracyChecker onError: $it")
                }

                allow {
                    sendResult(true, "PiracyChecker valid")
                }
            }
        }

Reproduction Steps

1. Add LVL check with proper licensing key
2. Test on any device
3. PiracyChecker returns error in title

Expected Result

Users who've bought the APK should receive the "PiracyChecker valid" status.

Actual Result

Many are reporting that the verification fails.

This doesn't seem to be related to version 1.2.4, as users on the Play Store are complaining as well, with an APK using an older version of PiracyChecker.

Full class: https://pastebin.com/mLamh0xD

Hello @javiersantos
I am willing to rewrite the library to Kotlin, but I wanted to know your opinion and/or if I am allowed to. Thanks 😅

I have a problem after adding dependency and sync

Android resource linking failed
Output: /Users/marwan/Documents/Android-Projects/photogo/app/build/intermediates/incremental/mergeDebugResources/merged.dir/values-v28/values-v28.xml:7: error: resource android:attr/dialogCornerRadius not found.
/Users/marwan/Documents/Android-Projects/photogo/app/build/intermediates/incremental/mergeDebugResources/merged.dir/values-v28/values-v28.xml:11: error: resource android:attr/dialogCornerRadius not found.
/Users/marwan/Documents/Android-Projects/photogo/app/build/intermediates/incremental/mergeDebugResources/merged.dir/values/values.xml:1590: error: resource android:attr/fontVariationSettings not found.
/Users/marwan/Documents/Android-Projects/photogo/app/build/intermediates/incremental/mergeDebugResources/merged.dir/values/values.xml:1591: error: resource android:attr/ttcIndex not found.
error: failed linking references.

Command: /Users/marwan/.gradle/caches/transforms-1/files-1.1/aapt2-3.2.0-4818971-osx.jar/76c130dc24c69748b151c0483251f08a/aapt2-3.2.0-4818971-osx/aapt2 link -I
/Users/marwan/Library/Android/sdk/platforms/android-27/android.jar
--manifest
/Users/marwan/Documents/Android-Projects/photogo/app/build/intermediates/merged_manifests/debug/processDebugManifest/merged/AndroidManifest.xml
-o
/Users/marwan/Documents/Android-Projects/photogo/app/build/intermediates/processed_res/debug/processDebugResources/out/resources-debug.ap_
-R
@/Users/marwan/Documents/Android-Projects/photogo/app/build/intermediates/incremental/processDebugResources/resources-list-for-resources-debug.ap_.txt
--auto-add-overlay
--java
/Users/marwan/Documents/Android-Projects/photogo/app/build/generated/not_namespaced_r_class_sources/debug/processDebugResources/r
--proguard-main-dex
/Users/marwan/Documents/Android-Projects/photogo/app/build/intermediates/legacy_multidex_aapt_derived_proguard_rules/debug/processDebugResources/manifest_keep.txt
--custom-package
net.kayisoft.photogo
-0
apk
--output-text-symbols
/Users/marwan/Documents/Android-Projects/photogo/app/build/intermediates/symbols/debug/R.txt
--no-version-vectors
Daemon: AAPT2 aapt2-3.2.0-4818971-osx Daemon #0

How could I solve it?

• I have verified there are no duplicate active or recent bugs, questions, or requests.
• I have verified that I am using the latest version of PiracyChecker.
• I have given my issue a non-generic title.
• I have read over the documentation (before asking questions on how to do something).

Details

• PiracyChecker version: 1.2
• Device OS version: 8.0.0
• Device Manufacturer: Xiamo
• Device Name: Mi A1

Builder

new PiracyChecker(this)
   .enableGooglePlayLicensing("XXXX")
                //.enableInstallerId(InstallerID.GOOGLE_PLAY)
                .enableSigningCertificate("XXXXX")// The original APK signature for the PRODUCTION version
                .enableUnauthorizedAppsCheck()
                .saveResultToSharedPreferences(mpref, "valid_license")
                .enableDebugCheck()
                .display(Display.ACTIVITY);
   .start();

Reproduction Steps

Expected Result

License success

Actual Result

License fail