Betan for developers

Betan aims to make distributing secure copies of APKs simpler.

Who can distribute apps with Betan?

Any developer can use Betan to distribute beta copies of their Android applications subject some terms and conditions that must be agreed prior to registration. Registration is very straightforward – it requires the minimum information necessary for end-users to download your applications and contact you.

What's involved in distributing apps via Betan?

The simple answer is:

Encrypt your APKs, upload them to a webserver, tell Betan where to find them.

That's all. Here's a diagram that fleshes-out the process..

What do I need to do?

The tool you need for encrypting your APKs is a Java commandline tool that you can download.
Follow the instructions for how to use betan-publish
You should now have a directory containing a betan-index.txt file and one or more encrypted APKs. Upload them to a webserver somewhere (you're on your own for that one).
Register the location of your encrypted library of APKs at betan.tomgibara.com.
Start distributing passwords to your lucky users. Direct them to this page for help on downloading and using Betan application they need to decrypt your application.

How does Betan provide secure distribution?

The applications to be distributed are encrypted with AES, using a master password, or application specific passwords that only you know. You use a command line Java tool to do this for you: you point it at a directory of APKs and it will encrypt them all, generating an index.txt file that lists the applications that were encrypted. It is then your responsibility to upload these files (the index files and apks) to a publicly accessible webserver.

Then all that remains is to register as a 'publisher'. Registration requires no private information and is used only to: list you as a publisher within the Betan application and to inform the application where your index of APKs is located.

When the user launches Betan, they simply choose you as the publisher from a list of other publishers and enter a password that you've supplied. If the password is correct, the APK is downloaded, unencrypted and installed. In regular operation, users cannot get access to the unencrypted application. In practice, determined users who have the technical skills will be able to circumvent this, but they will need a valid password first.

It's worth noting that at no point am I storing your passwords and I don't record them anywhere in the application, so your applications are totally private, even from me: the only thing that gets leaked is the name, version and package of the apk.

How secure is distribution with Betan?

Nothing is entirely secure, but Betan will provide better security than emailing an APK or hosting it behind a password protected web page. Users who have the password to download an APK are able to install the application, but cannot easily get access to an unencrypted copy of the APK. If, as a developer, you are exercised by the possibility that users will be able to use unauthorized copies of your application, you may wish to combine the protection that Betan provides (which is around preventing open distribution), with a licencing framework (such as the LVL from Google, or the licensing system from AndAppStore).