Authenticating users on Android

Like our iOS SDK, the HockeySDK for Android has an authentication feature that allows to authenticate users against your app as well as restricting access individual builds. Once you're adding the code for verifying a user, HockeySDK will display it's UI to login and the app cannot be used. The feature is not intended to protect a single activity, but the whole application.

Due to historical reasons, the Android SDK handles authentication a little different.

Available authentication options

Anonymous

This is equal to the default HockeySDK behavior if you don't use LoginManager.
So if you want to switch between authentication modes for whatever reason,

LoginManager.register(this, APP_SECRET, LoginManager.LOGIN_MODE_ANONYMOUS);
LoginManager.verifyLogin(this, getIntent());

will switch the authentication feature off.

Authentication via email or email and password

If you want users to authenticate when they first open the app, the following two modes require them to enter their HockeyApp login data.

While LoginManager.LOGIN_MODE_EMAIL_ONLY requires users to authenticate with their email address, LoginManager.LOGIN_MODE_EMAIL_PASSWORD also requires them to enter their password.

LoginManager.register(this, APP_SECRET, LoginManager.LOGIN_MODE_EMAIL_PASSWORD);
LoginManager.verifyLogin(this, getIntent());

NOTE Both authentication modes don't restrict updates once the user has authenticated themselves, so as long as the user has a HockeyApp account, they will continue to receive updates even if they are no longer associated with your app.
Restricting a version to user's won't have any effect if you have chosen this authentication mode.

Verify the user's authentication status and restrict updates

If you want to restrict updates for individual versions or want the HockeySDK to check that your tester is still associated with your app, use LoginManager.LOGIN_MODE_VALIDATE.

LoginManager.register(this, APP_SECRET, LoginManager.LOGIN_MODE_VALIDATE);
LoginManager.verifyLogin(this, getIntent());

If you chosen this validation mode, the user will no longer be able to use the app if they have been removed from the app.

LOGIN_MODE_VALIDATE also affects in-app updates. If you have chosen this authentication mode, you can restrict versions to individual testers.

It also requires to user to have an internet connection to avoid users who want to circumvent your restriction by going into airplane mode.

Add authentication to your app

  1. Retrieve your app secret from the HockeyApp backend. You can find this on the app details page in the backend right next to the "App ID" value. Click "Show" to access it.
  2. Open the activity you want to protect, if you want to protect all of your app this will be your main activity.
  3. Add the following lines to this activity and replace APP_SECRET and LOGIN_MODE with your values:
import net.hockeyapp.android.LoginManager;

public class YourActivity extends Activity {
  @Override
  public void onCreate(Bundle savedInstanceState) {
    super.onCreate(savedInstanceState);
    // Your own code to create the view
    // ...

    LoginManager.register(this, APP_SECRET, LoginManager.LOGIN_MODE);
    LoginManager.verifyLogin(this, getIntent());
  }
}

Common pitfalls

I have restricted a version in HockeyApp, yet a user that isn't authorized gets an update.

There can be several causes for this:
1. Are you using the latest HockeySDK? Version 4.0.0 fixes a critical issue with restricting builds?
2. Did you use LOGIN_MODE_VALIDATE to restrict builds?
3. HockeySDK caches data for updates, so you can't restrict a version after you released it. You have to release a new version that is restricted.
4. Is the device associated with several of your testers? This is very common while testing an app on multiple devices with a limited amount of HockeyApp accounts. What happens is that your device is associated with an account that doesn't have access to your version, while it is also associated with an account that does have access. In this case, HockeyApp will deliver an update.