Early last year I wrote the first version of Penetrate, an Android application that performed penetration testing on Thomson/Speedtouch routers using a well-known vulnerability. What happens is that in order to easily perform initial setup, some router brands make it easy to generate router passwords from their SSIDs.
The first version was just for fun and released to friends, then I pushed it to the market with some Ads in order to experiment with monetizing applications. Penetrate was never a big money maker ad-wise, but that was not really the point. I kept upgrading Penetrate and adding more supported routers as a result.
Soon enough, several antivirus applications for Android started flagging Penetrate. Why? I will never know, I tried to reason with them and went as far as decompiling their code to know what was going on. My conclusions were the following: People who buy antivirus apps for Android are being robbed. The only thing this app did was store a list of hand-written application package names, performing no active detection whatsoever. Android Antivirus apps are a joke, do not buy them, do not use them. They give you a false sense of security.
Last December, as a result of a bet among friends, I decided to publish Penetrate Pro which was really just Penetrate Free without ads and see if I could sell 10 copies until the end of the month. Amazingly, I did sell 10 copies, I even sold 100 and in the coming months I would sell a couple thousands more. There was also an amazing amount of Penetrate clones being released in the market, which never seemed to affect sales.
At this point I had somewhere near 5k downloads of Penetrate Pro and 250k of Penetrate Free, both sporting 4 stars in the market, which is quite an achievement.
Penetrate Pro was becoming a steady income source (and that was never the point). For people who say there is no money to be made in the Android Market, they are very mistaken.
Last week, Google decided to boot the application from the Android Market after receiving a complaint from a telecommunications agency. As a result, Penetrate and clone applications were removed.
I must say I was not surprised. Even if I was not supporting illegal entry in neighbors wireless networks, the whole thing was a big gray area and I was sure that if Google was ever put on the line they would nuke it.
I am not totally certain on what to do with Penetrate. But right now I believe I will distribute it by myself, freely. This method has several inconveniences, updates may be harder and I will have to change the method of charging for the paid version.
This is my course of action regarding Penetrate:
- Handle the distribution here or in a special purpose website.
- Penetrate Pro and Free are now the same application.
- The application is ad-supported (you will be able to turn off ads if you want).
- Penetrate will be donation-ware
- There will be an in-app donation through Paypal.
- Donating will get you a donation key, which may unlock features, I haven’t decided yet.
- Previous Pro users: Thank you for your support! You rock and you will obviously get your donation keys for free.
- I will make Penetrate open source in the next couple of days.
If you have remaining doubts or any suggestions, feel free to contact me over at twitter or by e-mail: diogo at underdev.org.