Re: GLib Library License

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Right Dov,

I assume when an application is installed, from a self-signed apk, it gets install in a private storage, as you comment, which is independent from the one of secured signed distributed in Play Store, and assume you have all necessary files to run the app in the apk, no requiring the any thing from the original apk. Please tell me if I'm wrong.

If that is correct, then you have to provide not just object files but resources ones, which should be encrypted at distribution, or any other method like embedded in binaries, to avoid user to get access to them if they have copyright protection or simple you don't want to share to any one.

Beat regards.

PD I'm currently evaluating same issues to create GLib/Android applications.


El 26 jul. 2016 7:41 a. m., "Dov Grobgeld" <dov.grobgeld@xxxxxxxxx> escribió:
If I understand you correctly, you make the assumption that the user can influence the all the permissions granted to the program, and as far as I understand that is not correct. E.g. an application gets a private region on the file system at a place like /mnt/sdcard/Android/data/name . I assume that this region is private to one application and one digital signature. Thus if the users create their own versions, they will not have access to files there. On the other hand, perhaps you can choose not to store anything there, but only in a public place like /mnt/sdcard and get around that limitation. It starts to get messy...

Regards,
Dov

On Tue, Jul 26, 2016 at 2:47 PM, Daniel Espinosa <esodan@xxxxxxxxx> wrote:

Please explain me if I'm wrong.

By reading

https://developer.android.com/distribute/tools/open-distribution.html

I see an option for the ones trying to create their own apk files, because they should sign their new apk and is not required to have keys signed by Play Store authority, then they can use any method listed there.

When you install apk apps, they should ask for permissions and is issue of the users to allow or reject, even if they want to install apps from untrusted places. Permissions should not an issue here, they are grant by the user.

With that in mind, you can continue serving your application from Play Store, secured and updated, and your users can download your object files, by login in your site, while he and others have a valid license to use the software, and create and distribute new apk self-signed to others.

Additional issue is to make sure any one trying to use your software behave to connect to a server to authenticate, validating a license or if you install license keys to validate against, like Docs to Go use a second apk Docs to Go Premium Key to enable paid legitimate applications to run.


El 26 jul. 2016 12:35 a. m., "Dov Grobgeld" <dov.grobgeld@xxxxxxxxx> escribió:
As is explained in the article, a package rebuilt by the user will not be signed with the same digital key as the original play store distributed package. Due to the isolation of packages by android, this user built package will not have access the same areas on the file system as the original package. Therefore it is not a replacement and the conditions of the LGPL have not been fulfilled. In contrast a deb built by a user does not have these restrictions.

The only way I see this working is by skipping play store altogether and only distribute object files and instructions for the end users how to build a package on their own. That unfortunately prevents most people's grandmothers from using the application.

But then again, IANAL.

Regards,
Dov

On Tue, Jul 26, 2016 at 3:32 AM, Daniel Espinosa <esodan@xxxxxxxxx> wrote:

While this article digital signature is the issue, but if you create your own apk file and install in your phone, or any one do the same, with out using Play Store at all what is the difference if you create your own deb package and install in your system or any other use it at his own risk, with out use any Debian official repository?

In order to fulfill LGPL, you should provide a way for your users to download object files and by themselves links and package it with their own version of GLib.



_______________________________________________
gtk-list mailing list
gtk-list@xxxxxxxxx
https://mail.gnome.org/mailman/listinfo/gtk-list

[Index of Archives]     [Touch Screen Library]     [GIMP Users]     [Gnome]     [KDE]     [Yosemite News]     [Steve's Art]

  Powered by Linux