- Home /
How can I protect Apk generated by Unity ?
Hello All,
I have developed a game through Unity3D for Android and I have also uploaded it on playStore. But someone has uploaded its .apk on his website and selling it for free(On playStore its paid). So there are few questions that arises here that:
How can we secure apk from reverse engineering?
Do I really need to secure or Unity already provide support for it?
If any one can answer it would be great help.
Thanks in Advance.
Answer by tanoshimi · Oct 14, 2014 at 06:37 AM
Unfortunately, it is impossible to truly "protect" your code from reverse-engineering. This is not a specific weakness of Unity, but is true of any client-side application. Obfuscation can slow the process down, but a determined hacker will always be able to get past it.
However, from your description it's unclear that any reverse-engineering has actually taken place - simply that the APK file has been uploaded to an unauthorised site? If your app is normally free to download from the Google Play store, it may even be that the uploader has not realised they have done anything wrong (your game is still free, and they've increased your potential circulation...).
The first thing I'd do is to contact the site owner and politely point out that you are the code author, that the application is only for distribution via the Play store, and request they remove it from their site.
If that doesn't work, you could try legal action but, frankly, it's not worth it. The best approach to counter hackers is just to continue innovating - create new games, improvements, and features, and make sure that you only push those changes to authorised sites. Sure, you can't stop them being copied again, but they'll always be one step behind you.
@tanoshimi is completely right. Generally not to turn out to defend the project. The only way of good protection is as in Diablo 3. But for this purpose you shall have the server and application shall be rather popular.
Thanks for your feedback Tanoshimi. Actually my game is a paid game as mentioned and site owner is selling it for free. Fortunately its not working. But my concern was whether I could give more security to my future games or not, your approach for handling hackers is helpful. Thanks once again.
Try using Android Native plugin which has the facility called App Licensing. Hope this may help you. Nsks
Answer by Cynikal · Oct 14, 2014 at 05:56 AM
Nothing is ever secure...
However, what you can do is look into obfuscation methods.
What is obfuscation?
http://en.wikipedia.org/wiki/Obfuscation_(software)
Basically... Turns "string MyServersPassword = "DonkeyLips31"; into something unreadable, then later references it elsewhere in the code...
Or changes a series of variables named.. Variable1, Variable2, Variable3 to like..
IlIlIllI IllIlIll IILILILI
Those are 3 different names... But, staring at those... can be confusing to the naked eye.
However, if someone is determined... they will steal/crack your game.
Thanks for your feedback Cynikal. I will surely follow your approach.
Answer by screenname_taken · Oct 14, 2014 at 07:41 AM
Well one way to mess with someone that wants to copy your game is to have a check if the app store DRM is removed. And if it is make the game unwinnable, or show some text.
Thanks for help. But how can I check that DR$$anonymous$$ is removed or not?
Answer by Olly · Jul 02, 2016 at 09:01 AM
Good obfuscation makes it really hard for hackers. For example; during normal Android development we use something called ProGuard.
Don't listen to people who say 'Obfuscation is useless'. Yes it might be true that hackers can always access front end code; that doesn't mean you should make it easy for them to copy and change your work.
Your answer is pretty much off-topic. You have to distinguish between different kind of "protection". Obfuscation provides a basic "code protection". To use it effectively in Unity you have to approach your whole development in a different way. Due to the way how Unity works you can't obfuscate many things in your code.
In this case the question was about copying the whole AP$$anonymous$$ from the playstore and distribute it for free on a thrid party website. Obfuscation doesn't help against that at all. Actually nothing really helps against that ^^.
If you find your AP$$anonymous$$ hosted on a third party website the best you can do is contact the hoster and drop an abuse message stating that you are the copyright holder of the content hosted and that you might take legal actions if they don't take it down. $$anonymous$$ost people don't host their websites themselfs but use free / rented hosters. They usually take action if they receive such requests. A lot people have a very twisted view on copyright. Just because someone offers an app for free on the playstore it doesn't mean you are "automatically" allowed to redistribute it.
So under the line obfuscation is of course not useless, but won't help in this case.
Answer by WTPS · Oct 14, 2014 at 08:54 AM
try to visit : http://www.softlock.net/
Well, posting a link to a commercial software isn't forbidden as long as it solves the problem. However from what i've read the software and data protection they offer doesn't apply here or to Unity at all. So yes, it just looks like an ad but it's the only post of WTPS about that company, so it doesn't look like he's spreading ads. He probably thought it might be helpful...
you're right. but don't understand why this answer was upvoted.
Your answer
Follow this Question
Related Questions
APK size question 0 Answers
APK size 70 mb more then editor log 0 Answers
Android / Split apk / obb can't load a scene 1 Answer
Why APK freezes at start of game level? 0 Answers
Issue installing apk using old Cert 1 Answer