Gamasutra: The Art & Business of Making Gamesspacer
View All     RSS
October 17, 2017
arrowPress Releases

If you enjoy reading this site, you might also want to check out these UBM Tech sites:


Passive/Aggressive Anti-piracy for Android Indies.

by dominic cerisano on 02/11/14 06:29:00 am   Featured Blogs

The following blog post, unless otherwise noted, was written by a member of Gamasutras community.
The thoughts and opinions expressed are those of the writer and not Gamasutra or its parent company.


Passive/Aggressive Scuttling

Here is an easily hidden technique I call 'scuttling' that works for android apps deployed to Google AND Amazon. Scuttling is front-end piracy detection by the app. What to do once detected is in the purvey of the app creator.

  • Aggressive Scuttling: Eg. Terminates or hobbles pirated app. Network communication not necessarily required.
  • Passive Scuttling: No obvious app modification. Eg. customized back-end analytics tracking.

If your app was installed from any source other than Google or Amazon, scuttle() returns true.

// Dont just copy/paste this code - that is what automated crackers look for - cludge it!
// No network communication is required at runtime.
// myPackageName should decode at runtime to "com.yourpackagename"
// google should decode at runtime to "";
// amazon should decode at runtime to "";

public boolean scuttle(Context context, String myPackageName, String google, String amazon)
//Scallywags renamed your app?
if (context.getPackageName().compareTo(myPackageName != 0)
return true; // BOOM!

//Rogues relocated your app?

String installer = context.getPackageManager().getInstallerPackageName(myPackageName);
if (installer == null)
return true; // BOOM!
if (installer.compareTo(google) != 0 && installer.compareTo(amazon) != 0)
return true; // BOOM!

return false;


The following screenshot was taken from google analytics showing a pirated tracked free app from playstore( was redeployed with aggressive scuttling (non-playstore installs detected and terminated -BOOM!). Non-playstore (not-set) tracking drops. Tracking was not required, but enabled for these measurements.


Note service (app)signing plays a role in scuttling: The package manager enforces unique package names with unique signatures. This prevents installation of any download service other than the one that comes with android.

This presents the question of what to do when the app is scuttled (pirate detected by the app). Piracy is a form of viralization (uncontrolled distribution) of your app. It is already detectable by enabling the analytics tracking back-end. Scuttling allows the app creator to customize a front-end response with or without tracking.

Aggressive scuttling is obviously detectable by pirates (BOOM!). This encourages further cracking. Passive scuttling is far less obvious, but may involve tracking.

Piracy may not be preventable but it is predictable, detectable, and trackable.

Tracking can present insurmountable problems to pirates, but also presents it's own ethical issues.

Agressive scuttling requiring no network communication as outlined above is perhaps the best solution. It is easily hidden (unlike licensing) and can be tailored to be as unobvious (passive)as possible.

A passive-aggressive scuttling example that involves the network might be using the new scoreTag metadata in googleplay leaderboard api to store whether the game was pirated. GA/UA tracking not used.

I would like to especially hear from the ethics crew about the following:

In a passive-agressive scuttling scenario, authorizedinstalls are not tracked.

Pirated installs however, are tracked up the wazoo. Otherwise no difference in app behavior.

So, instead of crackable licensing, the app creator accepts tracking data as a kind of payment.

Q: Is it still piracy if tracking is received in lieu of payment for unauthorized installs?

Q: Doestracking in lieu iof licensing an implyauthorization?

Q: If pirated installs become a valuable and viral distribution and analyticschannel is it still piracy? Is this still an anti-piracy measure?Would this promote piracy?Does this actually redefine piracy?

Related Jobs

Deck Nine Games
Deck Nine Games — Westminster, Colorado, United States

Mobile Programmer
Deck Nine Games
Deck Nine Games — Westminster, Colorado, United States

Senior Console Programmer
DigitalFish, Inc.
DigitalFish, Inc. — San Mateo, California, United States

Software Engineer - Machine Learning
DigitalFish, Inc.
DigitalFish, Inc. — Mountain View, California, United States

Software Engineer - AR/VR

Loading Comments

loader image