dport 0 Posted November 23, 2023 With applications such as DualSpace available on Playstore, an application on the phone can be cloned and run as a completely different copy. Even if distinctive features such as androidId, FCM (Firebase Cloud Messaging) ID, MAC serial are used for device recognition, the cloned application can bypass the identification system by producing completely different IDs. Is there a way to tell if the app is a clone? Options such as PackageName control and Installation path control are suggested on the internet, but when I check as follows, the cloned application gets the PakageName like the original and shows the same installation path. showmessage(JStringToString(SharedActivityContext.getPackageName)); showmessage(JStringToString(TAndroidHelper.Context.getPackageCodePath)); Therefore, both of these methods do not work when detecting the cloned application. Another way is to check whether the application is running on the virtual machine, but I couldn't find how to check it. Is there a successful method in Delphi to detect a cloned application? Share this post Link to post
dport 0 Posted November 24, 2023 There is a solution that checks whether the cloning applications are installed on the phone, but it is not very applicable since there are hundreds of programs that do this job (it will also be necessary to introduce the programs that will be added later). function IsAppInstalled(const APackageName: string): Boolean; var LIntent: JIntent; LList: JList; LApplicationInfo: JApplicationInfo; I: Integer; begin Result := False; LIntent := TJIntent.JavaClass.init(TJIntent.JavaClass.ACTION_MAIN); LIntent.addCategory(TJIntent.JavaClass.CATEGORY_LAUNCHER); LIntent.setFlags(TJIntent.JavaClass.FLAG_ACTIVITY_NEW_TASK or TJIntent.JavaClass.FLAG_ACTIVITY_RESET_TASK_IF_NEEDED); LList := TAndroidHelper.Context.getPackageManager.queryIntentActivities(LIntent, 0); for I := 0 to LList.size - 1 do begin LApplicationInfo := TJResolveInfo.Wrap(JObjectToID(LList.get(I))).activityInfo.applicationInfo; if (LApplicationInfo.flags and TJApplicationInfo.JavaClass.FLAG_SYSTEM) = 0 then begin if APackageName = JStringToString(LApplicationInfo.packageName) then exit(true); end; end; end; (Must be given query all packages permission to run) Share this post Link to post
Fr0sT.Brutal 900 Posted December 28, 2023 Why would you need that? Just let the user install your app as it wants to. I'd throw away any app that would do such dirty things leaving 1-star review at market. Share this post Link to post
Dave Nottage 563 Posted December 28, 2023 On 11/23/2023 at 9:11 PM, dport said: Is there a successful method in Delphi to detect a cloned application? If there's a way to do it in Java or Kotlin, there's usually a way to do it in Delphi. Do you have any links discussing why this is a problem, and potential solutions? Share this post Link to post
dport 0 Posted January 5 On 12/28/2023 at 11:24 AM, Fr0sT.Brutal said: Why would you need that? Just let the user install your app as it wants to. I'd throw away any app that would do such dirty things leaving 1-star review at market. On 12/28/2023 at 12:55 PM, Dave Nottage said: If there's a way to do it in Java or Kotlin, there's usually a way to do it in Delphi. Do you have any links discussing why this is a problem, and potential solutions? There are reasons such as preventing the user from opening more than one account and cheating in online games, and preventing punished players from logging in from parallel accounts and continuing to cause problems. We generally use device-specific serial numbers to prevent these situations. In the past, IMEI and MAC serial numbers could be used, but since this information is no longer provided, we provide this control by using different Unique IDs specific to the device. However, since the software that clones the device also clones these UniqueIDs, it is perceived as logging in from a completely different device. For this reason, if the application has been run through cloning, we want to prevent it from running. Share this post Link to post
Dave Nottage 563 Posted January 5 1 hour ago, dport said: For this reason, if the application has been run through cloning, we want to prevent it from running. I have a repo containing some ChatGPT "conversations" which might be of interest, and have just added this one: https://github.com/DelphiWorlds/HowTo/blob/main/ChatGPTConversations/DetectClonedApp.md The Delphi code is my conversion of the Java code. As per the warning here, always verify anything coming from ChatGPT, or me, for that matter 🙂 Share this post Link to post
dport 0 Posted January 6 On 1/5/2024 at 6:56 AM, Dave Nottage said: I have a repo containing some ChatGPT "conversations" which might be of interest, and have just added this one: https://github.com/DelphiWorlds/HowTo/blob/main/ChatGPTConversations/DetectClonedApp.md The Delphi code is my conversion of the Java code. As per the warning here, always verify anything coming from ChatGPT, or me, for that matter 🙂 Thank you for your answer. Unfortunately, when run from within the dualspace application, the getInstallerPackageName method always returns com.android.vending. Normally, when debugging the application, this value returns nil because it is not installed from Playstore. However, when you run your application compiled in debug mode from dualspace, this value returns as com.android.vending. Cloning apps manipulate all the parameters offered by the Android system to prevent cloning detection. var LInstallerPackage: JString; begin LInstallerPackage := TAndroidHelper.Context.getPackageManager.getInstallerPackageName(TAndroidHelper.Context.getPackageName); showmessage(JStringToString(LInstallerPackage));//always return com.android.vending in cloning application end; Share this post Link to post