Secure your account using 2-step verification

Now you can secure your account even further using two-factor authentication (2FA). In addition to your password, you will have to enter a short 6-digit code each time you log in, which helps to keep your account protected.

Enable 2-step verification

You can access this page directly here.

  1. Go to the Account Settings page
  2. Click on “Configure 2-step verification”
  3. Check “Enable Two Step Authentication” checkbox
  4. Scan the QR code with Google Authenticator (note: there are other alternatives such as Authy if you already have oen of them installed). If you want to get Google Authenticator, you can get it for

Open Source

At SKM, open-mindedness and transparency are at the core of everything we are doing. Therefore, we’ve open-sourced the core parts of 2-step verification, freely available on GitHub. You can learn more about our other open-source projects at skmapp.com/open-source.

Adding Enterprise Licensing and Enterprise-Grade Support

SKM platform is being relied upon by many software developers and vendors of various sizes. Today, we are happy to introduce SKM Enterprise, a tailored solution for high volumes of end customers, with custom development of functionalities to support all types of software and workflows (from mission critical applications to large scale usage). In addition, we are now offerring extended support (eg. phone and email support) aimed at enterprise customers.

Our aim is to make it easy for software developers and vendors to focus on developing functionalities that really matter to their customers and that make them a world leader in their area.

By making software licensing simple and affordable, we hope that more companies will be more productive and profitable, and in this way make their product more innovative and beneficial to their customers.

Getting in touch

If you want to get in touch, please send us an email at support (at) skmapp.com or visit our office at Lindstedsvägen 24, Stockholm (4th floor). We look forward to meeting you!

How to Skip Royalties for Mobile Apps using Software Licensing

Problems with App store?

Limited Functionality

One clear problem with any App store is that you’re locked in to use their limited set of licensing models (i.e. ways to sell your app). This is evident when you want to support proper subscription based model (i.e. customers need to pay on a monthly or early basis to continue to use your app). Many big companies, such as Microsoft and Adobe, are starting to charge their customers on a recurring basis, for instance in Office 365 and Adobe Creative Cloud. Now, you no longer buy the “product” but rather the “service”, which means that we want to give our customers a great user experience independent of the platform, may it be a tablet, a smartphone or a PC. Unfortunately, this is very difficult to implement and manage across multiple platforms  if you use built in functionality of the App store (and other app stores) because you’re locked in into their ecosystem.

High Royalties

Not only are you locked in into their ecosystem, they also take 30% of your revenue that you could have used to develop your application further.

Say you sell your service for $100/per month. Then you have to pay $30 per month in royalties, which adds up to almost $400 per year. Note, this is in addition to the fee that you payed to register a developer account.

How is this solved now?

One question that comes into our mind is following: How do companies like Spotify and Uber avoid to pay Apple the 30% transaction fee? The common denominator is that they use a custom licensing component that they maintain themselves. For example, to use Spotify, you need an active subscription (even if the app is free), which you can get outside of the Apple store, for example, on Spotify’s website. So, technically, no transaction occurred in the app itself.

Solution

The idea is to avoid using the built-in functionality of the App store as much as possible. You can do this in the following two ways: either you develop a licensing component from scratch or use a third party.

Building from Scratch

If you have some time at your disposal, you can create a licensing system from scratch or use an open source library, such as SKGL. The advantage is that you get to design it specifically for your needs. Using open-source systems can save you some time, but please keep in mind that you might instead need to spend time on configuring it and possibly extending depending on your requirements.

Using Third Party

The idea here is simple: “Why invent the wheel?”. Software licensing and monetization is such a common problem so there are solutions out there that can do just that.

First of all, they will probably cover many cases and secondly they are also cheaper than doing it on your own (after all, think about the time it would take, which is approx. 2-3 months, and later maintenance).

The critical bit is maintenance. Imagine that your business model changes and you have to restructure your licensing solution. If you use a third party, they most likely have what you’re looking for, so changing won’t be hard. Otherwise, you have to do it yourself from scratch.

Example solution using SKM

In order to get a working licensing component, one way to go is to use SKM – a cloud based licensing as a service. SKM is like a toolbox that contains many of the tools that you would need to set up a licensing system within hours. In comparison to many of the alternative solutions, it’s aim is to be accessible, which includes being affordable and simple-to-use. Moreover, one of the values is transparency and developer friendliness; many of the tools used in SKM are available open source and free of charge.  It’s very simple to get started.

Happy New Year (2017)

This year has almost reached its end (at least here in Sweden) and within several hours a new year will begin – 2017.

By looking back on 2016, I’m very happy that we are getting closer to achieve our mission: to make software licensing more accessible. This is thanks to our partners and customers, who continue to support us with new ideas and insights. I’m very thankful to all of you.

Soon 2017 will begin, and I’m convinced that this new year will come with new interesting challenges and opportunities for all of us.

I wish you all the very best! 🙂

/Artem

Lead Developer, Founder

Fixed downtime Dec 18th due to invalid certificate

Today we had a major downtime because the new TLS certificate was not upgraded properly. This caused most of the versions of SKM Client API (aka SKGL Extension) not being able to validate license keys.

I’m very sorry for all the problems that this caused you. Downtimes occur because of various issues; at SKM we are constantly working on making sure to reduce them and their impact.

I’my happy to tell that this issue is now fixed!

/Artem

Lead Developer

SKM’s Wiki Engine Open Source

The aim behind SKM is to make software licensing more accessible. By making it simple, it becomes more accessible.

This led to the construction of a new Wiki page, which you can find here: help.skmapp.com.

The entire page is open source and does not require any server side (i.e. PHP/ASP.NET). You can find it here:

You can read more about open source at SKM: skmapp.com/open-source

skmhelp

How to keep your start-up safe?

When building a start-up company, it might be tempting to overlook some important security aspects. For example, do you commonly use public WiFi networks when you’re on the go? Do you enter your PIN securely? These are just some of the questions. This post aims to give you some basic ideas to think about and potentially to implement in your company. But remember: no matter how strong cryptography you are using – even if it unbreakable – the weakest link is the end user. So, it’s worthwhile to continuously educate the end users (eg. employees) about potential threats, as well as promote an open atmosphere that encourages communication between IT and the end users.

SKM does everything to keep your app as safe as possible, but it’s equally important to keep in mind things you can do to increase security. Remember – in case of uncertainty – always ask!

Office Guidelines

Depending on your office place, you may be exposed to various threats. For example, unauthorized people (eg. visitors, cleaning service, people from other departments) may pass by your desk, and if you happen to have confidential information on the desk, it may no longer be a secret. Or, what if you forgot to lock your PC…?

  • Lock Office & Computer: Always lock your PC when you leave your place. If it is possible, lock the office too.
  • Clean Desk Policy: Don’t leave stuff on your desk, for example, during a lunch break.
  • Personal Devices: Don’t set up your own WiFi or use personally owned devices.
  • Wear Security Badge: Always wear your security badge. When you spot people without one, walk them to security.
  • Never Let Unknown in: Never hold the door for people you don’t know. Be careful with tailgaters, i.e. people that get in right after someone else with access.
  • Printing Confidential Information: Do not print confidential information. Keep in mind that some printers store everything you print.

Password Guidelines

A common mistake is to use the same password on multiple websites. If one website gets compromised, all your other accounts will be endangered.

  • Unique for Critical Services: Although it’s a good practise to keep a unique password for all your accounts, not all websites might be critical to protect. You should, at the very least, have a unique password for your email, banking, and other accounts that contain sensitive information about you or your organization.
  • Two Factor Auth: For those websites that support two factor authentication (2FA), consider using it. Should your password be compromised, there is another level of authentication, one that is not as easily compromised as the password itself (unless you lose your phone, etc).
  • Password Design: The password should contain upper/lower case letters, numbers and symbols. It should not contain words from the dictionary (or their derivative). Eg. Pa$$w0rd is a bad password.

Smartphone Guidelines

A smartphone contains more sensitive information than we think: our email messages, passwords, documents downloaded from the cloud, pictures, personally identifiable information, and more. Therefore, it’s important take great care of it.

  • PIN: Lock the phone with a PIN or a password
  • Encryption: Encrypt the phone and any additional SD storage, if applicable.
  • Remote Wipe: Set up remote wipe and device tracking (eg. Android Device Manager, Exchange).
  • Shoulder Surfing: Prevent shoulder surfing. When entering the PIN, take some distance from others. Think of it as the PIN to your credit/debit card. Would you want people behind you to see it?

On the Go – Traveling Securely

By travelling, you are exposed to many more risks than in the office. Using public WiFi and shoulder surfing are just some of the examples that pose a threat.

  • Public WiFi: Public hotspots are usually not encrypted, which means everyone can see your activity. It’s better to use cellular connection, if applicable, or a secure network. But, always assume everything you do is being tracked.
  • VPN: Use VPN to encrypt all web traffic (eg. when you use a browser).
  • You are being Watched: Any time you are online, assume that you are being watched all the time: all the websites, the passwords, etc are scrutinized by a hacker. When visiting websites, ensure that you only use secure connections, i.e. those starting with https://.
  • Confidential Documents in Hotels: Always keep important documents close to you and don’t leave them openly on the desk. Think ‘clean desk policy’.
  • Your Neighbours: Keep in mind that people around you may intercept your conversations.
  • Unattended Device: Best rule of thumb, ‘don’t leave your device unattended’. This reduces the risk of theft. If you need to leave it, hide it (eg. in a car).
  • Shoulder Surfers: Be careful and take distance from people when entering you PIN, especially if it is used to encrypt the device.

Email Guidelines

A common misconception is to assume that emails are private. That’s far from reality. Emails you send across the internet are in plain text, readable by anyone. Note, internal email communication may or may not go through the internet (i.e. it might stay within the company), however, check this with IP dept.

  • Emails are Insecure: Assume everything you send by email can be read by everyone. Sensitive information should be sent in an encrypted form, for instance using PGP.
  • Security may be Dissolved: Even if you assume that emails don’t leave your company’s server, keep in mind that your colleagues may have their emails on their phones, tablets, etc. It’s enough for the hacker to compromise one of the devices to be able to intercept the communication. Therefore, always encrypt emails.
  • PGP Pitfalls: If you’ve come this far, ensure that you check the fingerprint of the certificate.

New License Key Panel

Today we’ve released a new license key overview panel, which you can access by clicking on a license key on the “product page”. It is a replacement of the page were you would normally be redirected when selecting a key and the “Advanced Key Details” page.

The current page uses our new Web API 3, which means that everything you can do on this page can be achieved in your code. Please keep in mind that it requires a ‘standard’ subscription (‘premium’ won’t work unfortunately).

A unique feature of this new license key panel is that is supports labels that can help you to distinguish between various properties of a license key. For example, you might already use ‘feature 1’ as a way to mark a license key as a trial key. You can specify this here. Our intention is to build on top of this idea and bring support for labels to the product page, etc. More labels are coming later this month.

This panel is still a work in progress, so if you would have any suggestions or questions, please let us know! Here’s our feedback form.

Activation Format Updated

The newest release of the SKM Platform (since 2016.06.27) is now supporting the new LicenseKey format, which is the default format of the Web API 3. This change has two implications: on Activation Forms and on the activation files on the product page.

  • Activation Forms – only new activation forms will be affected
  • Activation Files – the default is the new format.

To make this work in your application, please upgrade to SKM Client API (v.4.01). A good migration guide can be found here.

You are always welcome to ask us questions by contacting us!

A sample format of the new activation files is shown below:

{
  "productId": 3349,
  "id": 2,
  "key": "MTMPW-VZERP-JZVNZ-SCPZM",
  "created": "2015-08-27T00:00:00",
  "expires": "2016-07-27T00:00:00",
  "period": 30,
  "f1": true,
  "f2": false,
  "f3": false,
  "f4": true,
  "f5": false,
  "f6": false,
  "f7": false,
  "f8": false,
  "notes": "awdawd123",
  "block": false,
  "globalId": 24964,
  "customer": null,
  "activatedMachines": [
    {
      "mid": "foo",
      "ip": "10.1.1.2",
      "time": "2016-06-27T11:43:10.167"
    }
  ],
  "trialActivation": true,
  "maxNoOfMachines": 4,
  "allowedMachines": "",
  "dataObjects": [
    {
      "id": 61,
      "name": "artem",
      "stringValue": "",
      "intValue": 1337
    }
  ],
  "signDate": "2016-06-27T11:43:13",
  "signature": "RpFDLKvfv8fJHjpZ7xnFDtUPY8xbxVNzha8jDiYeZaz57d9V9URC8IBynFUky5w4Y2HmhjDQ6uxKh8nMJnivMkNQXmsGl8GFEN2tG4tMKie9KRFmOULh+rE4lCV2Ot1Aj9DT+m/+K0kqAzMfHIY+cMdulCxOdYmMafuP1tyxgUsSAVP04ax/pbHI9ps7YwPYMqAvCmrWKL+J4ITyA7CdnQkwDnEcTX6gTK0atJA2pk2fZMPW9RpCLYIVgrMa8nfc7x2mxIYDX7nN9GWZi+jdipbHFgc91KcmgSi7WzEl4gWRVk9aKsBDe+taolNst0uruCBKZiL+BNV84gG2mDBWzg=="
}