PiracyChecker fails to check whether the app is installed from Google Play Store.

[adamvarhegyi]

Hi,

I'm using 'com.github.javiersantos:PiracyChecker:1.2.3' because my app is not yet integrates AndroidX.

I have numerous reports from user reviews in my app's Google Play page that they have installed the app from the Google Play Store, yet they getting the piracy warning message.

Here are some examples:

I also got a user report via email:

I use the piracy checker like this:

    public static void showPiracyActivityIfNeeded(final Activity activity) {
        if (!BuildConfig.DEBUG) {
            //Releaseb build, piracy check.
            new PiracyChecker(activity)
                    .enableInstallerId(InstallerID.GOOGLE_PLAY)
                    .callback(new PiracyCheckerCallback() {
                        @Override
                        public void allow() {
                        }

                        @Override
                        public void dontAllow(@NonNull PiracyCheckerError piracyCheckerError, @Nullable PirateApp pirateApp) {
                            Intent intent = new Intent(activity, PiracyWarningActivity.class);
                            activity.startActivity(intent);
                            activity.finish();
                        }
                    })
                    .start();
        }
    }

My app have 4k reviews and only 3 of them are like this, but I don't know the exact user count because there could be users who don't comment about this issue.

What is going on?

Thanks in advance.

[avipars]

Is it possible that these downloads aren't legitimate?

[adamvarhegyi]

Is it possible that these downloads aren't legitimate?

I don't think so. They wouldn't complain that way.

[goldfish07]

Note: piracy check require internet connection for once to save isregestered value in SharedPreference;

your user getting this issue cause

• they may clear data of app and then reopen it without internet connection which show not licensed message

possibilities can be many ,what if OS denied app not to use internet connection

solution
you can ask user to enable internet connection to check license

if OS Network related issue
put network security config in manifest

<application android:networkSecurityConfig="@xml/network_security_config">

then in res->xml create network_security_config.xml

and put

<?xml version="1.0" encoding="utf-8"?>
<network-security-config>
<base-config cleartextTrafficPermitted="true">
<trust-anchors>
<certificates src="system" />
</trust-anchors>
</base-config>
</network-security-config>

[adamvarhegyi]

put network security config in manifest

<application android:networkSecurityConfig="@xml/network_security_config">

then in res->xml create network_security_config.xml

and put

<?xml version="1.0" encoding="utf-8"?>
<network-security-config>
<base-config cleartextTrafficPermitted="true">
<trust-anchors>
<certificates src="system" />
</trust-anchors>
</base-config>
</network-security-config>

Okay... but why? What is this needed? What is this doing?

Ah okay I see you edited your answer. I'll try this.

[goldfish07]

have you seen my edited answers ?

[tzmm]

Leaving this for posterity in case it helps anyone:

When we detect that the app wasn't installed from the Play Store, we pop-up a dialog that gives the user two options:

1. Redirect them to the Play Store to reinstall from there.
2. Contact support

When they contact support we open an email dialog and fill in some details to help understand what's going on, including the installing package name.

Generally these are people who are confused, and think they're installing from the right place, but inevitably, they'll have installing packages including:

ru..
com.apkpure.aegon
com.lenovo.anyshare.gps
cn.xender
etc...

Not saying we're not getting false positives, but we're definitely seeing a good number of support calls from people who think they've done the right thing.

I suspect the ru.. ones could be an official Play Store app replacement in Russia, but we're getting tons of installs from Russia so it's not clear to me if this is an official channel or not.

[adamvarhegyi]

After adding the network security config to the manifest, I thought this case was solved. I didn't met it for a long time until today.
This lib still fires false positives and I'm thinking about completely removing it. This was it does more harm than good.

By the way, one question:

When they contact support we open an email dialog and fill in some details to help understand what's going on, including the installing package name.

How do you get the installer id? If I can get the installer id I could just check whether it is the same as the Google Play store and that's it? I have my own piracy checker?

Thanks in advance.

@tzmm

[grill2010]

Same problem on my side.
I have two apps on the store which are using piracy checker and sometimes users are complaining that they receive this message even though the have installed it from the store (I checked their order id and they were legit downloads). I really don't know why this is happening but it seems it's hard to reproducer and it's probably a hidden error which is in the project for a long time already.