App theft protection

[trags3]

I would like to embed a unique set of characters into an exe file so be able to detect App theft. Serial Number maybe.
The first time the file is run it would be registered. That registration would be stored on my server and allowed to run. I would like to be able to detect a copy trying too register to thwart theft.
Any suggestions on exactly how this could be implemented?

Tom

[paul@researchware.com]

We use a "phone home" feature in our apps. Not for theft protection per se. We use it to collect usage data to see how often out apps are being used. When someone buys out app, they get a license key, the key needs to be enetred in the app, stored in an encrypted licenses file (as you can't easily modify the EXE). Without the key, the app runs in a free trial/demo mode. On startup and quit, the app sends the key to our server along with a bunch of general information (OS type, OS version, app version, build number, timestamp, a UUID derived session key, a "START' action on startup and "STOP" action on quit, license key, etc.) The license key is checked against a list of valid, voided, or timed (still good or expired) keys and a flag is returned along with an optional message as to whether the key is 'good' or not. We use the rest of the data to see trends in usage (macOS usage is up or down vs window, we still have x many activation /week on an older version - time to send out upgrade sale notices, and so on. As we can see if a license is being used by someone it was NOT registered to, we can void the license on the server, which prevents that key from running the app, and issue a new key to the registered user (assuming they were uaware of someone else using their key). I know nothing about your application or market, but you realy have to be carefull about enforcing "theft" as it could be someone using your app on another computer, reregistered for that computer, perhaps using a different name, because their computer is dead or out for repairs or something. And if you make people change keys too often for "piracy", you will get a very bad reputation. Some "loss" of revenue is worth not damaging the company reputation.

[trags3]

Thanks Paul!

[richmond62]

Obviously that presupposes you always have internet access.

[paul@researchware.com]

We did make allowances for off-line activation - like Livecode - because we do have "field" researchers using our tools where there is no internet access, but it has been very very rare. I would say 99.99+% of customers have internet access where ever they are using our software.

[richmond62]

I would say 99.99+% of customers have internet access where ever they are using our software.

Indeed.

Just playing Devil's advocate.

My son just fell foul of that requirement because, in Scotland where he stays, he had a power cut for 2 days (a big storm), and although he had the means to keep his laptop charged, he was unable to use some critical software because it could not phone home.

[paul@researchware.com]

I appreciate that predicament as I've been in the same situation (power outage, with power for a laptop and no internet) - although these days I have a WiFi hot spot loaded on my phone, so, in a pinch, I can turn it on and get internet for my laptop through my phone (assuming cell service still is available).

It is why our "offline activation" is actually built in. Embedded in the standalone is a local check that the license key is a valid key. The server check is whether that valid key has expired for a timed license or been deactivate entirely. If the server can't be contacted (due to internet outage) a considerable "grace" period is provided where the app will run based on the key being locally validated. When it does have internet again, if the key is deactivated then the app won't start up.

This, of course, means that a determined software pirate can run our app with a stolen key by keeping their clock turned back and no internet connection. If someone is THAT determine, more power to them. They are welcome to pirate the software!