Android Market Licensing: Now Available!

Showing 1-101 of 101 messages
Android Market Licensing: Now Available! Trevor Johns (Google Developer Programs) 7/27/10 10:55 AM
Android fans,
For those of you who haven't already heard through our blog, we've
just launched the Android Market licensing service:

http://android-developers.blogspot.com/2010/07/licensing-service-for-android.html

From the above blog post:

"This simple and free service provides a secure mechanism to manage
access to all Android Market paid applications targeting Android 1.5
or higher. At run time, with the inclusion of a set of libraries
provided by us, your application can query the Android Market
licensing server to determine the license status of your users. It
returns information on whether your users are authorized to use the
app based on stored sales records."

Developer documentation is available here:

http://developer.android.com/guide/publishing/licensing.html

Happy coding!

--
Trevor Johns
Google Developer Programs, Android
http://developer.android.com
Re: [android-developers] Android Market Licensing: Now Available! Shane Isbell 7/27/10 11:03 AM
Very cool.


--
You received this message because you are subscribed to the Google
Groups "Android Developers" group.
To post to this group, send email to android-d...@googlegroups.com
To unsubscribe from this group, send email to
android-developers+unsubscribe@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/android-developers?hl=en



--
Shane Isbell (Founder of ZappMarket)
http://apps.facebook.com/zappmarket/
Re: Android Market Licensing: Now Available! John Coryat 7/27/10 11:25 AM
Excellent! Now all we need is a subscription payment model and we can
actually make some money!

-John Coryat
Re: [android-developers] Re: Android Market Licensing: Now Available! pltxtra 7/27/10 11:39 AM
That, and the ability for folks to actually access the paid-for apps... 

Sweden, like probably many countries still, have no access to the paid apps... When will Google understand that this is critical for them to keep the momentum? If the status quo persists, people we give up, pack their bags and spend their money on iFruits instead...

    Regards
       Anton


--
You received this message because you are subscribed to the Google
Groups "Android Developers" group.
To post to this group, send email to android-d...@googlegroups.com
To unsubscribe from this group, send email to
android-developers+unsubscribe@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/android-developers?hl=en

Re: [android-developers] Android Market Licensing: Now Available! Kostya Vasilyev 7/27/10 11:42 AM
What's great is that it's available on all Android versions starting
with 1.5 (i.e. it's not a Froyo only feature).

-- Kostya

27.07.2010 21:55, Trevor Johns пишет:


--
Kostya Vasilev -- WiFi Manager + pretty widget -- http://kmansoft.wordpress.com

Re: Android Market Licensing: Now Available! sblantipodi 7/27/10 11:55 AM
excellent, is there some code sample on how to use this new apis?

On Jul 27, 8:42 pm, Kostya Vasilyev <kmans...@gmail.com> wrote:
> What's great is that it's available on all Android versions starting
> with 1.5 (i.e. it's not a Froyo only feature).
>
> -- Kostya
>
> 27.07.2010 21:55, Trevor Johns пишет:
>
>
>
> > Android fans,
> > For those of you who haven't already heard through our blog, we've
> > just launched the Android Market licensing service:
>
> >http://android-developers.blogspot.com/2010/07/licensing-service-for-...
Re: [android-developers] Re: Android Market Licensing: Now Available! Trevor Johns (Google Developer Programs) 7/27/10 12:05 PM
Yes. There's a code sample that's bundled as part of the library download.

You'll find it in $SDK_ROOT/market_licensing/sample.

-- 
Trevor Johns
Google Developer Programs, Android

--
You received this message because you are subscribed to the Google
Groups "Android Developers" group.
To post to this group, send email to android-d...@googlegroups.com
To unsubscribe from this group, send email to
android-developers+unsubscribe@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/android-developers?hl=en





Re: Android Market Licensing: Now Available! Kaj Bjurman 7/27/10 1:19 PM
I saw that entry, and have a question.

What will happen if the user doesn't have network connectivity? Many
users turn of data traffic when they travel to other countries, but
the probably still want to use the licensed applications.



On 27 Juli, 19:55, Trevor Johns <trevorjo...@google.com> wrote:
> Android fans,
> For those of you who haven't already heard through our blog, we've
> just launched the Android Market licensing service:
>
> http://android-developers.blogspot.com/2010/07/licensing-service-for-...
Re: [android-developers] Re: Android Market Licensing: Now Available! Trevor Johns (Google Developer Programs) 7/27/10 1:22 PM
Developers can chose whether to implement response caching or not.

Assuming caching is enabled, we require a network connection for the first license check, but then the user can go offline for a period of time before requiring another license check.

-- 
Trevor Johns
Google Developer Programs, Android
http://developer.android.com


--
You received this message because you are subscribed to the Google
Groups "Android Developers" group.
To post to this group, send email to android-d...@googlegroups.com
To unsubscribe from this group, send email to
android-developers+unsubscribe@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/android-developers?hl=en




Re: [android-developers] Re: Android Market Licensing: Now Available! Kostya Vasilyev 7/27/10 1:31 PM

Is caching implemented in the library or in the Market app?

I am concerned about potential abuse, such as replacing cache contents.

--
Kostya Vasilyev -- http://kmansoft.wordpress.com

28.07.2010 0:23 пользователь "Trevor Johns" <trevo...@google.com> написал:


Developers can chose whether to implement response caching or not.

Assuming caching is enabled, we require a network connection for the first license check, but then the user can go offline for a period of time before requiring another license check.

-- 
Trevor Johns
Google Developer Programs, Android
http://developer.android.com



On Tue, Jul 27, 2010 at 1:19 PM, Kaj Bjurman <kaj.b...@gmail.com> wrote:
>
> I saw that entry, ...

--
You received this message because you are subscribed to the Google
Groups "Android Developers" g...

Re: [android-developers] Re: Android Market Licensing: Now Available! Trevor Johns (Google Developer Programs) 7/27/10 1:53 PM
It's implemented in the library.

Cache contents are protected using a swappable Obfuscator class. We include a standard obfuscator implementation that encrypts cache data using AES-256 and an application-specific key, along with a copy of the device ID. This prevents tampering with cache data, or replaying it across applications/devices. Developers are also free to implement their own Obfuscator if they so choose. (The cache itself contains timestamp data, so there's no point in replaying the cache data for the same application on the same device.)

-- 
Trevor Johns
Google Developer Programs, Android
http://developer.android.com

Groups "Android Developers" group.
To post to this group, send email to android-d...@googlegroups.com
To unsubscribe from this group, send email to
android-developers+unsubscribe@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/android-developers?hl=en





Re: [android-developers] Re: Android Market Licensing: Now Available! Kostya Vasilyev 7/27/10 2:01 PM

OK, great. Thanks for the info.

--
Kostya Vasilyev -- http://kmansoft.wordpress.com

28.07.2010 0:55 пользователь "Trevor Johns" <trevo...@google.com> написал:


It's implemented in the library.

Cache contents are protected using a swappable Obfuscator class. We include a standard obfuscator implementation that encrypts cache data using AES-256 and an application-specific key, along with a copy of the device ID. This prevents tampering with cache data, or replaying it across applications/devices. Developers are also free to implement their own Obfuscator if they so choose. (The cache itself contains timestamp data, so there's no point in replaying the cache data for the same application on the same device.)



-- 
Trevor Johns
Google Developer Programs, Android
http://developer.android.com

On Tue, Jul 27, 2010 at 1:31 PM, Kostya Vasilyev <kman...@gmail.com> wrote:

>
> Is caching implemented in the library or in the Market app?
>
> I am concerned about potential a...

> You received this message because you are subscribed to the Google

> Groups "Android Developers" group.
> To post to this group, send email to android-developers@googl...






--

You received this message because you are subscribed to the Google

Groups "Android Developers" group.
To post to this group, send email to android-developers@googlegro...

Re: [android-developers] Re: Android Market Licensing: Now Available! Sebastian Rodriguez 7/27/10 1:24 PM
I agree with Anton Persson. When will Google realize that opening the paid market to all the other countries is crucial for the market environment :(
We don't have access to them here in Singapore either.

But this is a major step already, let's hope for even better!

Seb


--
You received this message because you are subscribed to the Google
Groups "Android Developers" group.
To post to this group, send email to android-d...@googlegroups.com
To unsubscribe from this group, send email to
android-developers+unsubscribe@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/android-developers?hl=en



--
Sebastien Rodriguez
Re: Android Market Licensing: Now Available! sblantipodi 7/27/10 2:44 PM
I haven't understood if using this library external obfuscation
(proguard for example) is needed
for security reason or if we can avoid using external obfuscator, it's
quite a pain using proguard in netbeans plus android sdk.

On Jul 27, 10:24 pm, Sebastian Rodriguez <srodrig...@gmail.com> wrote:
> I agree with Anton Persson. When will Google realize that opening the paid
> market to all the other countries is crucial for the market environment :(
> We don't have access to them here in Singapore either.
>
> But this is a major step already, let's hope for even better!
>
> Seb
>
> > android-developers+unsubscribe@googlegroups.com<android-developers%2Bunsubscribe@googlegroups.com>
Re: Android Market Licensing: Now Available! Stephen Lebed 7/27/10 10:36 PM
I just wanted to say a big thank you!

Stephen


On Jul 27, 10:55 am, Trevor Johns <trevorjo...@google.com> wrote:
> Android fans,
> For those of you who haven't already heard through our blog, we've
> just launched the Android Market licensing service:
>
> http://android-developers.blogspot.com/2010/07/licensing-service-for-...
Re: Android Market Licensing: Now Available! William Ferguson 7/28/10 12:23 AM
ProGuard obfuscates your compiled code.
The Obfuscator referred to in the Licensing Server doc obfuscates
licensing info retrieved from AppMarket.
Re: Android Market Licensing: Now Available! MrChaz 7/28/10 1:33 AM
Great stuff,

I'll certainly be implementing this as soon as I can.

Thanks :)

On Jul 27, 6:55 pm, Trevor Johns <trevorjo...@google.com> wrote:
> Android fans,
> For those of you who haven't already heard through our blog, we've
> just launched the Android Market licensing service:
>
> http://android-developers.blogspot.com/2010/07/licensing-service-for-...
Re: Android Market Licensing: Now Available! Mark Carter 7/28/10 1:34 AM
I'm getting NOT_MARKET_MANAGED when using my own gmail account on my
N1 and using "Respond normally". The app is a paid app on the Android
Market. The only difference could be the app signature (I'm debugging
so not doing production signing). My gmail account was used to publish
the app and I have not purchased the app with it.

The other settings like "LICENSED" and "NOT LICENSED" work fine.

Another point (though a minor one) is that its very slow (when it
actually makes the connection). More than 5 secs on my wifi
connection. Is this normal?

On Jul 28, 9:23 am, William Ferguson <william.ferguson...@gmail.com>
wrote:
> > > > android-developers+unsubscribe@googlegroups.com<android-developers%2Bunsubs cr...@googlegroups.com>
Re: [android-developers] Re: Android Market Licensing: Now Available! Mark Carter 7/28/10 1:40 AM
Seems that this call in AESObfuscator is taking a few seconds:

SecretKey tmp = factory.generateSecret(keySpec);
Re: Android Market Licensing: Now Available! dra...@gmail.com 7/28/10 2:11 AM
Really required in the Republic of Ireland too, Android devices are
getting quite popular here and the time has come to open the paid
market

On Jul 27, 9:24 pm, Sebastian Rodriguez <srodrig...@gmail.com> wrote:
> I agree with Anton Persson. When will Google realize that opening the paid
> market to all the other countries is crucial for the market environment :(
> We don't have access to them here in Singapore either.
>
> But this is a major step already, let's hope for even better!
>
> Seb
>
> > android-developers+unsubscribe@googlegroups.com<android-developers%2Bunsubscribe@googlegroups.com>
Re: [android-developers] Re: Android Market Licensing: Now Available! Mark Carter 7/28/10 2:32 AM
Ok, just figured this out. The version code of the app I was testing was not one that was recognised by the Android Market. So, it is the combination of package name and version code that needs to have been published.

Its sort of explained in line 2317 of the docs :)

"Once an application is uploaded and becomes known to the licensing server, developers and testers can continue modify the application in their local development environment, without having to upload new versions. You only need to upload a new version if the local application increments the versionCode attribute in the manifest file."


On 28 July 2010 10:34, Mark Carter <mjc...@googlemail.com> wrote:
I'm getting NOT_MARKET_MANAGED when using my own gmail account on my
N1 and using "Respond normally". The app is a paid app on the Android
Market. The only difference could be the app signature (I'm debugging
so not doing production signing). My gmail account was used to publish
the app and I have not purchased the app with it.

The other settings like "LICENSED" and "NOT LICENSED" work fine.

Another point (though a minor one) is that its very slow (when it
actually makes the connection). More than 5 secs on my wifi
connection. Is this normal?
Re: Android Market Licensing: Now Available! Tomáš Hubálek 7/28/10 2:44 AM
Please open Android Market to more countries. This is really cool
feature but currently useless for me.

And also I would be happy to use this for in-app purchase if possible.

Tom

On 28 čnc, 11:32, Mark Carter <mjc1...@googlemail.com> wrote:
> Ok, just figured this out. The version code of the app I was testing was not
> one that was recognised by the Android Market. So, it is the combination of
> package name and version code that needs to have been published.
>
> Its sort of explained in line 2317 of the docs :)
>
> "Once an application is uploaded and becomes known to the licensing server,
> developers and testers can continue modify the application in their local
> development environment, without having to upload new versions. You only
> need to upload a new version if the local application increments the
> versionCode attribute in the manifest file."
>
Re: Android Market Licensing: Now Available! sblantipodi 7/28/10 4:44 AM
Hi all...
When you bought my software you bought a license, this license can be
ported from android to other platform like Symbian, Winmob, bada,
JavaME, Blackberry...

Every customers who bought my license is registered on our database,
(email address and device id),
this let me generate a new activation code in case he want to switch
the license from android to xx platform.

Is there an easy way to update my database when a customer bought my
software with the email address and device id of the customer who
bought the software or legally activated it?

Thanks.
Re: Android Market Licensing: Now Available! gc 7/28/10 6:37 AM
Excellent!

Thank you
Re: Android Market Licensing: Now Available! Joseph Earl 7/28/10 9:01 AM
Not with this system as far as I'm aware - users will have to purchase
a new license when changing to a phone running a different OS.
You'll have to continue using your own system if you want this kind of
functionality.
Re: Android Market Licensing: Now Available! Joseph Earl 7/28/10 9:24 AM
Any chance you guys are working a solution for large applications that
will work across Android 1.5-2.1?
Currently the only secure way of doing it is by targeting Froyo only
(using 8 as minSdkVersion) - however it will be at least a year, more
likely 3, before this an acceptable solution to present to my clients
as they obviously want to target as large a market share as possible.

It seems to me this could be one of the big reasons that we don't see
many major games producers on the Android market.

The problems with the current system are:
1) Developer must provide web-server for the files and pay relevant
hosting and bandwidth charges. This is not workable for small
developers if the application is very large (100MBs) and popular as a
developer must shoulder all associated costs.
2) Users have to go through a second download process after installing
the app.
3) There is no security on the data stored on the SD card unless the
files are manually obfuscated or encrypted.

On Jul 27, 6:55 pm, Trevor Johns <trevorjo...@google.com> wrote:
> Android fans,
> For those of you who haven't already heard through our blog, we've
> just launched the Android Market licensing service:
>
> http://android-developers.blogspot.com/2010/07/licensing-service-for-...
>
> From the above blog post:
>
> "This simple and free service provides a secure mechanism to manage
> access to all Android Market paid applications targeting Android 1.5
> or higher. At run time, with the inclusion of a set of libraries
> provided by us, your application can query the Android Market
> licensing server to determine the license status of your users. It
> returns information on whether your users are authorized to use the
> app based on stored sales records."
>
> Developer documentation is available here:
>
> http://developer.android.com/guide/publishing/licensing.html
>
> Happy coding!
>
> --
> Trevor Johns
> Google Developer Programs, Androidhttp://developer.android.com
This message has been hidden because it was flagged for abuse.
Re: Android Market Licensing: Now Available! Joseph Earl 7/28/10 10:33 AM
Not necessarily.
Rather than force users to go to your site to purchase a license code/
key, you'd need to allow users to purchase from Android Market as
usual, and then ask them to enter the Google Checkout code when the
app first launches.
Your own system can then deal with verifying the Checkout code.

For app stores for other platforms you'd use their transaction codes
as well.
Once you've verified a platform-specific code you can always generate
your own one valid for all platforms and give it to the user to use if
they install your app on other platforms (or you could just let them
enter codes from any app-store on a device on any platform - e.g. a
user could enter a Google Checkout code on their iPhone if they had
first purchased from Android Market).

However yours is a very complicated approach to licensing - since you
allow your application to be installed on multiple platforms you need
to have a max limit on how many devices the user can have it installed
concurrently and also provide facilities to activate and de-activate
the license on each device, otherwise all you are validating is the
checkout code/serial key.
Since a user can just post this online, for most developers validation
of a code/key alone is not enough since the same key could be used
across 10,000 devices.

You should be thinking along the lines of something like the approach
iTunes uses for protected music with the ability to register and un-
register devices from a single account.
Re: [android-developers] Re: Android Market Licensing: Now Available! Trevor Johns (Google Developer Programs) 7/28/10 2:44 PM
A third-party obfuscator is not strictly required, but it certainly adds an additional level of security. We even mention it in our developer docs:

The LVL provides a full Obfuscator implementation called AESObfuscator that uses AES encryption to obfuscate data. You can use AESObfuscator in your application without modification or you can adapt it to your needs. For more information, see the next section.

Alternatively, you can write a custom Obfuscator based on your own code or use an obfuscator program such as ProGuard for additional security.

-- 
Trevor Johns
Google Developer Programs, Android
http://developer.android.com

On Tue, Jul 27, 2010 at 2:44 PM, sblantipodi <perini...@dpsoftware.org> wrote:
I haven't understood if using this library external obfuscation
(proguard for example) is needed
for security reason or if we can avoid using external obfuscator, it's
quite a pain using proguard in netbeans plus android sdk.

On Jul 27, 10:24 pm, Sebastian Rodriguez <srodrig...@gmail.com> wrote:
> I agree with Anton Persson. When will Google realize that opening the paid
> market to all the other countries is crucial for the market environment :(
> We don't have access to them here in Singapore either.
>
> But this is a major step already, let's hope for even better!
>
> Seb
>
> On 28 July 2010 04:19, Kaj Bjurman <kaj.bjur...@gmail.com> wrote:
>
>
>
> > I saw that entry, and have a question.
>
> > What will happen if the user doesn't have network connectivity? Many
> > users turn of data traffic when they travel to other countries, but
> > the probably still want to use the licensed applications.

>
> > On 27 Juli, 19:55, Trevor Johns <trevorjo...@google.com> wrote:
> > > Android fans,
> > > For those of you who haven't already heard through our blog, we've
> > > just launched the Android Market licensing service:
>
> > >http://android-developers.blogspot.com/2010/07/licensing-service-for-...
>
> > > From the above blog post:
>
> > > "This simple and free service provides a secure mechanism to manage
> > > access to all Android Market paid applications targeting Android 1.5
> > > or higher. At run time, with the inclusion of a set of libraries
> > > provided by us, your application can query the Android Market
> > > licensing server to determine the license status of your users. It
> > > returns information on whether your users are authorized to use the
> > > app based on stored sales records."
>
> > > Developer documentation is available here:
>
> > >http://developer.android.com/guide/publishing/licensing.html
>
> > > Happy coding!
>
> > > --
> > > Trevor Johns
> > > Google Developer Programs, Androidhttp://developer.android.com
>
> > --
> > You received this message because you are subscribed to the Google
> > Groups "Android Developers" group.
> > To post to this group, send email to android-d...@googlegroups.com
> > To unsubscribe from this group, send email to
> > android-developers+unsubscribe@googlegroups.com<android-developers%2Bunsubscribe@googlegroups.com>
> > For more options, visit this group at
> >http://groups.google.com/group/android-developers?hl=en
>
> --
> Sebastien Rodriguez

--
You received this message because you are subscribed to the Google
Groups "Android Developers" group.
To post to this group, send email to android-d...@googlegroups.com
To unsubscribe from this group, send email to
android-developers+unsubscribe@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/android-developers?hl=en



Re: Android Market Licensing: Now Available! Zsolt Vasvari 7/28/10 4:48 PM
I just posted my toughts on the integration process in a separate
thread on this forum, as I didn't want to hijack this one.  It might
be interesting read for some people:

http://groups.google.com/group/android-developers/browse_thread/thread/d54f65beff467b26#

Re: Android Market Licensing: Now Available! sblantipodi 7/29/10 9:16 AM
With the new LVL we can have only one build for Free trial and for
Full version,
it's really "find your adjectives" that we need to upload two
identical copyes of the same software with different package name,
don't you think?
Re: Android Market Licensing: Now Available! Pent 7/30/10 8:24 AM
Building with eclipse it seems OK, but via Ant I get:

I/LicenseChecker( 2115): Binding to licensing service.
E/LicenseChecker( 2115): Could not bind to service.
W/ActivityManager(   85): Unable to start service Intent { act=av }:
not found

Any hints ?

Pent
Re: Android Market Licensing: Now Available! sblantipodi 7/30/10 10:10 AM
Re: [android-developers] Re: Android Market Licensing: Now Available! Xavier Ducrohet 7/30/10 10:41 AM
if you are using an emulator, make sure you use the "Google APIs"
add-on for API 8 (2.2) in revision 2.

Instructions for the setup:
http://developer.android.com/guide/publishing/licensing.html#acct-signin

> --
> You received this message because you are subscribed to the Google
> Groups "Android Developers" group.
> To post to this group, send email to android-d...@googlegroups.com
> To unsubscribe from this group, send email to
> android-developers+unsubscribe@googlegroups.com
> For more options, visit this group at
> http://groups.google.com/group/android-developers?hl=en
>

--
Xavier Ducrohet
Android SDK Tech Lead
Google Inc.

Please do not send me questions directly. Thanks!

This message has been hidden because it was flagged for abuse.
Re: [android-developers] Re: Android Market Licensing: Now Available! Dianne Hackborn 7/30/10 12:01 PM
On Wed, Jul 28, 2010 at 9:24 AM, Joseph Earl <joseph...@gmail.com> wrote:
Any chance you guys are working a solution for large applications that
will work across Android 1.5-2.1?

No those platforms are already exist; it would make no sense to modify them to support new features.
 
Currently the only secure way of doing it is by targeting Froyo only
(using 8 as minSdkVersion) - however it will be at least a year, more
likely 3, before this an acceptable solution to present to my clients
as they obviously want to target as large a market share as possible.

You don't need to use minSdkVersion; you should use targetSdkVersion to say you are Froyo compatible, and devices on 2.2 and up can install it on the SD card.  This doesn't make you incompatible with older platforms.  (In fact you don't need to do that -- you can set min/target SDK to whatever you want, and just need to compile against the 2.2 SDK so you can use the new manifest attribute.)
 
3) There is no security on the data stored on the SD card unless the
files are manually obfuscated or encrypted.

Putting an app on SD card with 2.2 doesn't prevent others from reading it.  In fact, as the announcement about the licensing server says, we are moving completely away from forward-locking (read-protecting) apps.

If apps feel the need to protect their data, they can encrypt it themselves.

--
Dianne Hackborn
Android framework engineer
hac...@android.com

Note: please don't send private questions to me, as I don't have time to provide private support, and so won't reply to such e-mails.  All such questions should be posted on public forums, where I and others can see and answer them.

Re: [android-developers] Re: Android Market Licensing: Now Available! Shane Isbell 7/30/10 12:08 PM


On Fri, Jul 30, 2010 at 12:01 PM, Dianne Hackborn <hac...@android.com> wrote:
On Wed, Jul 28, 2010 at 9:24 AM, Joseph Earl <joseph...@gmail.com> wrote:
Any chance you guys are working a solution for large applications that
will work across Android 1.5-2.1?

No those platforms are already exist; it would make no sense to modify them to support new features.
 
Currently the only secure way of doing it is by targeting Froyo only
(using 8 as minSdkVersion) - however it will be at least a year, more
likely 3, before this an acceptable solution to present to my clients
as they obviously want to target as large a market share as possible.

You don't need to use minSdkVersion; you should use targetSdkVersion to say you are Froyo compatible, and devices on 2.2 and up can install it on the SD card.  This doesn't make you incompatible with older platforms.  (In fact you don't need to do that -- you can set min/target SDK to whatever you want, and just need to compile against the 2.2 SDK so you can use the new manifest attribute.)
 
3) There is no security on the data stored on the SD card unless the
files are manually obfuscated or encrypted.

Putting an app on SD card with 2.2 doesn't prevent others from reading it.  In fact, as the announcement about the licensing server says, we are moving completely away from forward-locking (read-protecting) apps.

If apps feel the need to protect their data, they can encrypt it themselves.
 
Does this mean that apps installed on SD card are not going to be able to store private data (Context.MODE_PRIVATE) on device?

--
Shane Isbell (Founder of ZappMarket)
http://apps.facebook.com/zappmarket/
Re: [android-developers] Re: Android Market Licensing: Now Available! Mark Murphy 7/30/10 12:13 PM
On Fri, Jul 30, 2010 at 3:08 PM, Shane Isbell <shane....@gmail.com> wrote:
> Does this mean that apps installed on SD card are not going to be able to
> store private data (Context.MODE_PRIVATE) on device?

AFAIK, the app's local files (e.g., getFilesDir()) is still in the
on-board flash, not on the SD card, even if the app is installed to
the SD card.

--
Mark Murphy (a Commons Guy)
http://commonsware.com | http://github.com/commonsguy
http://commonsware.com/blog | http://twitter.com/commonsguy

_Android Programming Tutorials_ Version 2.9 Available!

Re: [android-developers] Re: Android Market Licensing: Now Available! Dianne Hackborn 7/30/10 12:21 PM
On Fri, Jul 30, 2010 at 12:08 PM, Shane Isbell <shane....@gmail.com> wrote:
Does this mean that apps installed on SD card are not going to be able to store private data (Context.MODE_PRIVATE) on device?

No that is a totally different thing.  All installed apps have a private data directory, non-forward-locked, forward-locked, on-sd, or whatever else.

Re: Android Market Licensing: Now Available! Pent 7/31/10 3:12 AM
It was the obfuscation messing up this line in LicenceChecker:

new Intent(ILicensingService.class.getName()),

I changed this to

new Intent(ILicensingService.Stub.getDescriptor()),

and added a correspinding static function in ILicensingService.

Since the docs recommend obfuscation, I think the googlers should
change
that line.

Havn't finished testing yet but this has at least fixed the 'can't
bind' problem.

Pent
Re: Android Market Licensing: Now Available! skooter500 7/31/10 10:56 AM
This sounds great, but is completely useless to me as Im in Ireland
and no paid apps available to my potential users, so I've gone ahead
and made my own user registration and payment system based around
PayPal. A complete waste of my time, but what can ya do?

From Reto Meier:

"Unfortunately I can't give you a time-frame for paid app buyer or
seller support for Ireland either. The team working on that side of
things have a lot on their plates so getting even a rough estimate for
any specific country is near impossible."

Interesting that Apple, Microsoft, Paypal, Nokia etc can manage this
but Google can't even give me date when it might be available. Not
very professional. :-(

Bryan

On Jul 27, 7:39 pm, Anton Persson <don.juan...@gmail.com> wrote:
> That, and the ability for folks to actually access the paid-for apps...
>
> Sweden, like probably many countries still, have no access to the paid
> apps... When will Google understand that this is critical for them to keep
> the momentum? If the status quo persists, people we give up, pack their bags
> and spend their money on iFruits instead...
>
>     Regards
>        Anton
>
> On Tue, Jul 27, 2010 at 8:25 PM, Maps.Huge.Info (Maps API Guru) <
>
> cor...@gmail.com> wrote:
> > Excellent! Now all we need is a subscription payment model and we can
> > actually make some money!
>
> > -John Coryat
>
> > --
> > You received this message because you are subscribed to the Google
> > Groups "Android Developers" group.
> > To post to this group, send email to android-d...@googlegroups.com
> > To unsubscribe from this group, send email to
> > android-developers+unsubscribe@googlegroups.com<android-developers%2Bunsubscribe@googlegroups.com>
Re: Android Market Licensing: Now Available! keyeslabs 7/31/10 2:21 PM
Speaking as someone who has traveled this road before with my own
implementation of basically the same approach, obfuscation will be
critical.  With AAL, it took about three days for someone to crack the
app.  The process looks something like this:  decompile the apk using
a freely available open source tool, find the code that invokes the
licensing check, skip it, recompile and repackage the apk.
Obsfucation will make this more difficult, but not all that tough
given the usage of intents for communication between LVL and the
market tool.

Don't get me wrong, I think that LVL will offer a much needed road
bump for pirates -- stealing apps will actually require a crack of
each app.  This is a viable approach to license verification and
that's why I took the same route with AAL months ago.  It certainly
seems like google could have gone further though.

The coverage of this has been very extensive in the press, and I would
guess the coverage of the first released crack within a week or two
will also make a fairly big splash, which won't look great for the
platform.

All told though, I think LVL is a positive step for the platform.
Speaking as someone that was seeing 90%+ piracy rates before
implementing something very similar to LVL in my own apps, I'm happy
to see google addressing the problem.

Dave Keyes




On Jul 27, 5:44 pm, sblantipodi <perini.dav...@dpsoftware.org> wrote:
> I haven't understood if using this library external obfuscation
> (proguard for example) is needed
> for security reason or if we can avoid using external obfuscator, it's
> quite a pain using proguard in netbeans plus android sdk.
>
> On Jul 27, 10:24 pm, Sebastian Rodriguez <srodrig...@gmail.com> wrote:
>
>
>
> > I agree with Anton Persson. When will Google realize that opening the paid
> > market to all the other countries is crucial for the market environment :(
> > We don't have access to them here in Singapore either.
>
> > But this is a major step already, let's hope for even better!
>
> > Seb
>
> > On 28 July 2010 04:19, Kaj Bjurman <kaj.bjur...@gmail.com> wrote:
>
> > > I saw that entry, and have a question.
>
> > > What will happen if the user doesn't have network connectivity? Many
> > > users turn of data traffic when they travel to other countries, but
> > > the probably still want to use the licensed applications.
>
> > > On 27 Juli, 19:55, Trevor Johns <trevorjo...@google.com> wrote:
> > > > Android fans,
> > > > For those of you who haven't already heard through our blog, we've
> > > > just launched the Android Market licensing service:
>
> > > >http://android-developers.blogspot.com/2010/07/licensing-service-for-...
>
> > > > From the above blog post:
>
> > > > "This simple and free service provides a secure mechanism to manage
> > > > access to all Android Market paid applications targeting Android 1.5
> > > > or higher. At run time, with the inclusion of a set of libraries
> > > > provided by us, your application can query the Android Market
> > > > licensing server to determine the license status of your users. It
> > > > returns information on whether your users are authorized to use the
> > > > app based on stored sales records."
>
> > > > Developer documentation is available here:
>
> > > >http://developer.android.com/guide/publishing/licensing.html
>
> > > > Happy coding!
>
> > > > --
> > > > Trevor Johns
> > > > Google Developer Programs, Androidhttp://developer.android.com
>
> > > --
> > > You received this message because you are subscribed to the Google
> > > Groups "Android Developers" group.
> > > To post to this group, send email to android-d...@googlegroups.com
> > > To unsubscribe from this group, send email to
> > > android-developers+unsubscribe@googlegroups.com<android-developers%2Bunsubs cr...@googlegroups.com>
> > > For more options, visit this group at
> > >http://groups.google.com/group/android-developers?hl=en
>
> > --
> > Sebastien Rodriguez
Re: Android Market Licensing: Now Available! sblantipodi 8/1/10 1:06 AM
I will bump that thread
http://groups.google.com/group/android-developers/browse_thread/thread/97e2ba40f258f21b
until I will get a reply.

Thanks :)
Re: Android Market Licensing: Now Available! Quintin Willison 7/30/10 5:18 AM
Just noticed this. Excellent news! Thanks.
Now to find some time to explore it... :)
Re: Android Market Licensing: Now Available! James W 8/2/10 1:00 AM
Yes absolutely.

Not really the ideal place to vent, but the delay in rolling out to
other countries is beyond ridiculous and incredibly frustrating.

It has got to be self defeating also.

I moved from England to Hong Kong, so now I cannot buy apps, I cannot
sell my apps, because HK is not supported.

What the hell are you playing at, Google? Don't you want my money?
Don't you want 30% of my take?

Do you really want me to leave in frustration, and develop for the
iPhone?

James

On Jul 28, 5:44 pm, Tomáš  Hubálek <tom.huba...@gmail.com> wrote:
> Please open Android Market to more countries. This is really cool
> feature but currently useless for me.
>
> And also I would be happy to use this for in-app purchase if possible.
>
> Tom
>
> On 28 čnc, 11:32, Mark Carter <mjc1...@googlemail.com> wrote:
>
>
>
> > Ok, just figured this out. The version code of the app I was testing was not
> > one that was recognised by the Android Market. So, it is the combination of
> > package name and version code that needs to have been published.
>
> > Its sort of explained in line 2317 of the docs :)
>
> > "Once an application is uploaded and becomes known to the licensing server,
> > developers and testers can continue modify the application in their local
> > development environment, without having to upload new versions. You only
> > need to upload a new version if the local application increments the
> > versionCode attribute in the manifest file."
>
> > On 28 July 2010 10:34, Mark Carter <mjc1...@googlemail.com> wrote:
>
> > > I'm getting NOT_MARKET_MANAGED when using my own gmail account on my
> > > N1 and using "Respond normally". The app is a paid app on the Android
> > > Market. The only difference could be the app signature (I'm debugging
> > > so not doing production signing). My gmail account was used to publish
> > > the app and I have not purchased the app with it.
>
> > > The other settings like "LICENSED" and "NOT LICENSED" work fine.
>
> > > Another point (though a minor one) is that its very slow (when it
> > > actually makes the connection). More than 5 secs on my wifi
> > > connection. Is this normal?- Hide quoted text -
>
> - Show quoted text -
Re: [android-developers] Re: Android Market Licensing: Now Available! Mark Carter 8/2/10 1:10 AM
AFAIK, whether you can sell apps or not is dictated by the country of your Google Developer account.

So if your Google Developer account (or is that Google account?) is registered in the UK, you can move to HK and still sell paid apps.


--
You received this message because you are subscribed to the Google
Groups "Android Developers" group.
To post to this group, send email to android-d...@googlegroups.com
To unsubscribe from this group, send email to
android-developers+unsubscribe@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/android-developers?hl=en

Re: Android Market Licensing: Now Available! Zsolt Vasvari 8/2/10 4:45 PM
I can confirm that.  If you are a resident of country where you can
sell your apps from, meaning you have an address and a bank account,
you can still sell apps.  It's not like Google is checking your IP
address when you are uploading your app.

On Aug 2, 4:10 pm, Mark Carter <mjc1...@googlemail.com> wrote:
> AFAIK, whether you can sell apps or not is dictated by the country of your
> Google Developer account.
>
> So if your Google Developer account (or is that Google account?) is
> registered in the UK, you can move to HK and still sell paid apps.
>
> > android-developers+unsubscribe@googlegroups.com<android-developers%2Bunsubs­cribe@googlegroups.com>
> > For more options, visit this group at
> >http://groups.google.com/group/android-developers?hl=en- Hide quoted text -
Re: Android Market Licensing: Now Available! James W 8/3/10 2:17 AM
Thanks, guys. Of course, my UK bank accounts are currently pointing to
my HK address, but I guess I could change them back, or open another
UK based account.

Anyway, I will let my vent stand on behalf of everyone else in the
world who doesn't have that option!

Hate to say it, but if Apple can do it, why can't Google...?
> > >http://groups.google.com/group/android-developers?hl=en-Hide quoted text -
>
> > - Show quoted text -- Hide quoted text -
Re: [android-developers] Re: Android Market Licensing: Now Available! Tomáš Hubálek 8/3/10 2:32 AM
On Tue, Aug 3, 2010 at 11:17 AM, James W <jpbwe...@gmail.com> wrote:

Hate to say it, but if Apple can do it, why can't Google...?


Google don't want?

Tom 
Re: Android Market Licensing: Now Available! Mark Carter 8/3/10 2:33 AM
On a slightly different note - in case anyone was wondering...if a
user has paid for an app and then inserts a sim card from a non-paid
app country (so that he can no longer see paid apps on the Market),
the LVL still correctly returns that the user is licensed. I was
expecting this, but its good to know for sure...

Can anyone else double-check this?

I know quite a few users who temporarily insert sim cards to pay for
paid apps, and then immediately afterwards revert back to their non-
paid app sim cards.
Re: Android Market Licensing: Now Available! andreas...@googlemail.com 8/3/10 3:37 AM
On Jul 31, 11:21 pm, keyeslabs <keyes...@gmail.com> wrote:
> ... someone to crack the
> app.  The process looks something like this:  decompile the apk using
> a freely available open source tool, find the code that invokes the
> licensing check, skip it, recompile and repackage the apk.

Isn't there is a much simpler way to circumvent the whole thing due to
a security leak in the LVL process? (Please tell me I'm wrong!):

1) create a new google account, e. g. my.w...@googlemail.com
2) switch your Android phone to this account
3) Buy app, copy apk, request refund
4) Upload apk to warez server
5) Sell google account and password to interested downloaders. (e. g.
at a 50% discount compared to the original market price).

The reason for this is that the license check is google-account-based,
not device-based. Any device being linked to the google account the
app has been purchased with will run the app. The licensing mechansim
will change nothing in this behaviour.

Andreas
Re: [android-developers] Re: Android Market Licensing: Now Available! Mark Carter 8/3/10 3:43 AM
As soon as you request a refund then the license server will return NOT_LICENSED for that Google account.


--
You received this message because you are subscribed to the Google
Groups "Android Developers" group.
To post to this group, send email to android-d...@googlegroups.com
To unsubscribe from this group, send email to
android-developers+unsubscribe@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/android-developers?hl=en

Re: [android-developers] Re: Android Market Licensing: Now Available! Trevor Johns 8/3/10 7:25 PM
And even if you skip the "request refund" step, we'll see a large number of license checks for a single account in our logs.

So, not only can we disable that account, but we'll also know who was responsible. :P

-- 
Trevor Johns
Google Developer Programs, Android
Re: Android Market Licensing: Now Available! Mike Hearn 8/4/10 8:37 AM
On Jul 31, 11:21 pm, keyeslabs <keyes...@gmail.com> wrote:
> Speaking as someone who has traveled this road before with my own
> implementation of basically the same approach, obfuscation will be
> critical.  With AAL, it took about three days for someone to crack the
> app.

There are various ways to make this harder. I suggest reading Nate
Lawsons blog entries on the topic for an introduction:

http://rdist.root.org/2007/03/26/building-a-mesh-versus-a-chain/
http://rdist.root.org/2007/04/09/mesh-design-pattern-hash-and-decrypt/
http://rdist.root.org/2007/04/24/anti-debugging-techniques-of-the-past/
http://rdist.root.org/2007/04/19/anti-debugger-techniques-are-overrated/
http://rdist.root.org/2007/08/21/mesh-design-pattern-error-correction/
http://rdist.root.org/2007/10/05/c64-screen-memory-and-anti-debugging/
http://rdist.root.org/2008/04/11/designing-and-attacking-drm-talk-slides/

Android is a slightly different environment than traditional operating
systems in which obfuscation and anti-debugging techniques are highly
evolved, but then again, the monetary value of the apps are lower, so
you don't necessarily have to be as good as some of the really
professional copy protection schemes.

On the other hand, naive straightforward usage of the LVL won't prove
much of a barrier to attackers who want to pirate your app either. The
suggestion to use ProGuard is a good first step, but ProGuard is
ultimately just an optimizing compiler, not a professional obfuscator.

If you wish to go beyond ProGuard, you might want to check out
commercial obfuscators like Allatori. I've used it  - it was easy to
set up and produced pretty reasonable output.

However, pure Java level obfuscators will never prove a big challenge
to a skilled adversary - Java bytecode is just too limited to make
obfuscation easy.

A common technique in the PC world is to set up an interpreted
environment that runs encrypted machine code, and then do part of your
protection logic in this environment. It works well for a variety of
reasons.

If time, energy etc wasn't an issue and I decided to build a better
general purpose LVL/copy protect framework, I'd probably reimplement
the LVL checking code in C++, compile it to MIPS and then ship a
modified MIPS interpreter with the app that runs the protection logic
there. Other than confusing attackers by breaking decompilers/
disassemblers, the interpreter can use in-loop decryption so only the
currently executing opcode is in the clear, in memory. Ideally the key
would be a function of the licensing server responses, ie, not
available in the source code, but rather derived from the expected
environment.

There are lots more techniques that can be used with such a design to
make cracking the app harder. Nates blog entries discuss some, like
turbo codes.

Sufficiently strong obfuscation on the apps will push attackers
towards scamming the licensing servers rather than cracking each app
individually, eg by making them think you're authenticating from the
original device. However that's Googles problem to solve, not yours.
Re: Android Market Licensing: Now Available! mp6800 8/4/10 5:16 PM
Will there eventually be a way to obfuscate automatically during .apk
export in eclipse?  The ant method looks relatively easy to setup, but
I'd like to know if this is coming.  (Especially since it's /strongly
recommended/ in the docs)
Re: Android Market Licensing: Now Available! gb105 8/6/10 11:29 AM
As stated earlier obfuscating the app doesn't help much. It's easy to
find the license check in the byte code and change it, so the app is
not really protected. There is still much work left for the developer
to find a solution to prevent the app from working if it is not signed
with the original developer's key. The licensing solution does not
prevent rip-offs, I'm a bit disappointed.
Re: Android Market Licensing: Now Available! mp6800 8/8/10 2:20 PM
Perhaps, but you didn't answer my question.  Anybody else?

Also, in the included sample app, the license check is triggered
during onCreate.  This means that when I click "Buy App", go to the
market, then immediately hit the back button, it goes back to the app
and doesn't check again (at least not until the app is killed).
Wouldn't it be better to trigger the license check during onResume?
Or is it up to the dev to handle things when coming to the forefront
again?
unk...@googlegroups.com 8/18/10 12:21 PM <This message has been deleted.>
Re: Android Market Licensing: Now Available! Feelsocial 8/21/10 1:15 AM
Hi all,

I am facing the problem in licensing of my old published paid apps.
Basically i have paid app which is published by version code 1. I
implemented the license code on it, it working fine to me. Licensing
server giving the response or allow that you can use it. But once i
changed version code from 1 to 2 in manifest file, then licensing
service not allow to use the app.Server giving the response dont
allow. I not understanderd, y it has relation with version code? i
can't publish the update version.???

Moreover, i am already login to my publisher account, i have setting
of LICENSED in edit profile section.

Is any body can help me?...... Helppppp

On Jul 28, 1:19 am, Kaj Bjurman <kaj.bjur...@gmail.com> wrote:
> I saw that entry, and have a question.
>
> What will happen if the user doesn't have network connectivity? Many
> users turn of data traffic when they travel to other countries, but
> the probably still want to use the licensed applications.
>
> On 27 Juli, 19:55, Trevor Johns <trevorjo...@google.com> wrote:
>
> > Android fans,
> > For those of you who haven't already heard through our blog, we've
> > just launched the Android Market licensing service:
>
> >http://android-developers.blogspot.com/2010/07/licensing-service-for-...
>
> > From the above blog post:
>
> > "This simple and free service provides a secure mechanism to manage
> > access to all Android Market paid applications targeting Android 1.5
> > or higher. At run time, with the inclusion of a set of libraries
> > provided by us, your application can query the Android Market
> > licensing server to determine the license status of your users. It
> > returns information on whether your users are authorized to use the
> > app based on stored sales records."
>
> > Developer documentation is available here:
>
> >http://developer.android.com/guide/publishing/licensing.html
>
> > Happy coding!
>
Re: Android Market Licensing: Now Available! String 8/21/10 2:29 AM
I think you need to upload an APK with versioncode="2" to your Market
console. You don't need to publish it, but you do need to upload and
save that version before LVL will give a correct response for it.

String
Re: [android-developers] Re: Android Market Licensing: Now Available! Feelsocial 8/21/10 3:00 AM
Thx String 4 reply. I will try your recomendation . I will upload my new updated version app on market but not publish it. And then test, the licensing server response. I hope its will work fine to me...

--
You received this message because you are subscribed to the Google
Groups "Android Developers" group.
To post to this group, send email to android-d...@googlegroups.com
To unsubscribe from this group, send email to
android-developers+unsubscribe@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/android-developers?hl=en

Re: Android Market Licensing: Now Available! H.K 8/20/10 5:45 AM
very good
Re: Android Market Licensing: Now Available! neptune2000 8/21/10 6:16 PM
Do you obfuscate the URLs that contact the Android Market Licensing
server? If you do not, the first thing that the crackers will do is
replace your server URLs with bogus ones with a a hex editor, and your
whole system is dead in the water. Please advise.

On Jul 27, 1:53 pm, Trevor Johns <trevorjo...@google.com> wrote:
> It's implemented in the library.
>
> Cache contents are protected using a swappable Obfuscator class. We include
> a standard obfuscator implementation that encrypts cache data using AES-256
> and an application-specific key, along with a copy of the device ID. This
> prevents tampering with cache data, or replaying it across
> applications/devices. Developers are also free to implement their own
> Obfuscator if they so choose. (The cache itself contains timestamp data, so
> there's no point in replaying the cache data for the same application on the
> same device.)
>
> --
> Trevor Johns
> Google Developer Programs, Androidhttp://developer.android.com
>
>
>
> On Tue, Jul 27, 2010 at 1:31 PM, Kostya Vasilyev <kmans...@gmail.com> wrote:
> > Is caching implemented in the library or in the Market app?
>
> > I am concerned about potential abuse, such as replacing cache contents.
>
> > --
> > Kostya Vasilyev --http://kmansoft.wordpress.com
>
> > 28.07.2010 0:23 пользователь "Trevor Johns" <trevorjo...@google.com>
> > написал:
>
> > Developers can chose whether to implement response caching or not.
>
> > Assuming caching is enabled, we require a network connection for the first
> > license check, but then the user can go offline for a period of time before
> > requiring another license check.
>
> > --
> > Trevor Johns
> > Google Developer Programs, Android
> >http://developer.android.com
>
> > On Tue, Jul 27, 2010 at 1:19 PM, Kaj Bjurman <kaj.bjur...@gmail.com>
> > wrote:
>
> > > I saw that entry, ...
>
> > --
> > You received this message because you are subscribed to the Google
> > Groups "Android Developers" g...
>
> >  --
> > You received this message because you are subscribed to the Google
> > Groups "Android Developers" group.
> > To post to this group, send email to android-d...@googlegroups.com
> > To unsubscribe from this group, send email to
> > android-developers+unsubscribe@googlegroups.com<android-developers%2Bunsubs cr...@googlegroups.com>
This message has been hidden because it was flagged for abuse.
Re: Android Market Licensing: Now Available! keyeslabs 8/24/10 1:20 PM
Seems like I was unfortunately very right on this prediction.  Just
off by a few days :).

LVL is flawed in the same ways that AAL (and other similar approaches)
is flawed.  Google could do better, and I hope that they will.
Obfuscation isn't really going to do much to improve the situation.
What is really needed is O/S-level and app store support for signing
apps (in real time) based on user credentials, application authors,
and phone characteristics.  The dependence on the android market app
is a single point of failure that is too easy to search for and find
regardless of how obfuscated your code is.

From a technical standpoint, LVL will help to some degree, but I've
got to think that in terms of P.R., Google did themselves more harm
than good here.

Dave

On Jul 31, 5:21 pm, keyeslabs <keyes...@gmail.com> wrote:
> Speaking as someone who has traveled this road before with my own
> implementation of basically the same approach, obfuscation will be
> critical.  With AAL, it took about three days for someone to crack the
> app.  The process looks something like this:  decompile the apk using
> a freely available open source tool, find the code that invokes the
> licensing check, skip it, recompile and repackage the apk.
> Obsfucation will make this more difficult, but not all that tough
> given the usage of intents for communication betweenLVLand the
> market tool.
>
> Don't get me wrong, I think thatLVLwill offer a much needed road
> bump for pirates -- stealing apps will actually require a crack of
> each app.  This is a viable approach to license verification and
> that's why I took the same route with AAL months ago.  It certainly
> seems like google could have gone further though.
>
> The coverage of this has been very extensive in the press, and I would
> guess the coverage of the first released crack within a week or two
> will also make a fairly big splash, which won't look great for the
> platform.
>
> All told though, I thinkLVLis a positive step for the platform.
> Speaking as someone that was seeing 90%+ piracy rates before
> implementing something very similar toLVLin my own apps, I'm happy
Re: Android Market Licensing: Now Available! Carl Whalley 8/24/10 8:59 PM
I'm curious about something regarding signing. If someone does as this
hack shows and patches the apk, they need to resign the new build. If
they then put this version out and its widely distributed, can't
Google see the certificate used to resign it, compare with the
original and just revoke the new one? Following that, what actually
happens if a user then tries to install an app signed with a revoked
cert via non-Market means?
Re: [android-developers] Re: Android Market Licensing: Now Available! Dianne Hackborn 8/25/10 12:36 AM
On Tue, Aug 24, 2010 at 8:59 PM, Carl Whalley <carl.w...@googlemail.com> wrote:
I'm curious about something regarding signing. If someone does as this
hack shows and patches the apk, they need to resign the new build. If
they then put this version out and its widely distributed, can't
Google see the certificate used to resign it, compare with the
original and just revoke the new one? Following that, what actually
happens if a user then tries to install an app signed with a revoked
cert via non-Market means?

What do you mean by revoke a cert?  Android uses self-signed certs, and Google is not a signing authority.  And we definitely don't apply filters to applications people install through side-loading.

--
Dianne Hackborn
Android framework engineer
hac...@android.com

Note: please don't send private questions to me, as I don't have time to provide private support, and so won't reply to such e-mails.  All such questions should be posted on public forums, where I and others can see and answer them.

Re: [android-developers] Re: Android Market Licensing: Now Available! Dianne Hackborn 8/25/10 12:40 AM
On Tue, Aug 24, 2010 at 1:20 PM, keyeslabs <keye...@gmail.com> wrote:
LVL is flawed in the same ways that AAL (and other similar approaches)
is flawed.  Google could do better, and I hope that they will.
Obfuscation isn't really going to do much to improve the situation.
What is really needed is O/S-level and app store support for signing
apps (in real time) based on user credentials, application authors,
and phone characteristics.  The dependence on the android market app
is a single point of failure that is too easy to search for and find
regardless of how obfuscated your code is.

I'm curious, how do you see this helping much?  We are already to the point of people having to modify an app to pirate it.  Once you do that, you need to strip the credentials off anyway and sign it with your own cert.
 
From a technical standpoint, LVL will help to some degree, but I've
got to think that in terms of P.R., Google did themselves more harm
than good here.

LVL wasn't done for PR, but to have a better solution to forward locking, and which eliminates many of the problems of forward locking that have been causing trouble for a long time.

Re: [android-developers] Re: Android Market Licensing: Now Available! Mark Carter 8/25/10 12:51 AM
One thing that would help would be to remove the dependency on the Android Market app and open up the licensing system to support sales outside of the Android Market. The aim here is for devs to have a simple way to support Android devices that don't have the Market app, not to avoid the 30% cut. Google could charge for the non-Market licenses, if they so wish.
Re: [android-developers] Re: Android Market Licensing: Now Available! Dianne Hackborn 8/25/10 1:31 AM
On Wed, Aug 25, 2010 at 12:51 AM, Mark Carter <mjc...@googlemail.com> wrote:
One thing that would help would be to remove the dependency on the Android Market app and open up the licensing system to support sales outside of the Android Market. The aim here is for devs to have a simple way to support Android devices that don't have the Market app, not to avoid the 30% cut. Google could charge for the non-Market licenses, if they so wish.

Er I was referring to helping protect apps against piracy. :}

And as far as supporting devices that don't have the market app...  really?  You want to do that?  Support your app running on devices that haven't passed CTS, have no limits on hardware (such as screen sizes), and do who knows what when your application calls its APIs?

Anyway, we are pretty focused around Market for app delivery, and Market is playing an increasing role in helping developers with that by doing things like filtering apps to compatible devices and much much more in the future.  Cutting out Market would most likely result in a pretty poor experience for both users and developers.

Re: [android-developers] Re: Android Market Licensing: Now Available! Mark Carter 8/25/10 1:56 AM
On 25 August 2010 10:31, Dianne Hackborn <hac...@android.com> wrote:
Er I was referring to helping protect apps against piracy. :}

I would hope LVL supporting more devices should help against piracy ;)

On 25 August 2010 10:31, Dianne Hackborn <hac...@android.com> wrote: 
And as far as supporting devices that don't have the market app...  really?  You want to do that?  Support your app running on devices that haven't passed CTS, have no limits on hardware (such as screen sizes), and do who knows what when your application calls its APIs?

Yes, I want a simple way to reach out to a market that is likely to be tens (hundreds?) of millions of users in a couple of years' time. 

I see lots of tablets out there that don't run Android Market but run my app fine (unless I enable LVL, of course).

However, I'm more interested in the Chinese market.

Looking at it another way - I spend loads of time working around device-specific issues on devices that HAVE passed CTS, so what's the difference?

Let's suppose a non-CTS device is released and it breaks loads of apps in the Market. Then people won't buy that device. So the more popular devices will probably be sufficiently compatible.

On 25 August 2010 10:31, Dianne Hackborn <hac...@android.com> wrote: 
Anyway, we are pretty focused around Market for app delivery, and Market is playing an increasing role in helping developers with that by doing things like filtering apps to compatible devices and much much more in the future.  Cutting out Market would most likely result in a pretty poor experience for both users and developers.

It's not about cutting out the Market - Google has done that by not supporting paid apps in all but 13 countries. It's about giving devs a licensing solution to sales made to users who cannot purchase paid apps through the Market app (either because the Market app does not exist or because their SIM card has the wrong country code).
Re: Android Market Licensing: Now Available! Carl Whalley 8/25/10 3:11 AM
That's clearer, thanks.
Presumably if you upload apps hacked this way to the Market, your
account will get pulled. And since this is the only way of getting
apps into the Market it remains safe?

On Aug 25, 8:36 am, Dianne Hackborn <hack...@android.com> wrote:
> On Tue, Aug 24, 2010 at 8:59 PM, Carl Whalley
> <carl.whal...@googlemail.com>wrote:
>
> > I'm curious about something regarding signing. If someone does as this
> > hack shows and patches the apk, they need to resign the new build. If
> > they then put this version out and its widely distributed, can't
> > Google see the certificate used to resign it, compare with the
> > original and just revoke the new one? Following that, what actually
> > happens if a user then tries to install an app signed with a revoked
> > cert via non-Market means?
>
> What do you mean by revoke a cert?  Android uses self-signed certs, and
> Google is not a signing authority.  And we definitely don't apply filters to
> applications people install through side-loading.
>
> --
> Dianne Hackborn
> Android framework engineer
> hack...@android.com
Re: Android Market Licensing: Now Available! Mike Hearn 8/25/10 5:16 AM
> LVL is flawed in the same ways that AAL (and other similar approaches)
> is flawed.  Google could do better, and I hope that they will.

I think it's wrong to focus on what Google could or could not do here.
Did you read my reply to your original mail? If so what did you think
of it?

All copy protection systems have two parts - something they bind to,
and the obfuscation that makes it harder to rip that binding out.

Most video games bind to a genuine DVD. Some games, like those
distributed via Xbox Live Arcade, bind to licensing data from an
online market, which is closer to what Android apps are doing.

So there are obviously two ways copy protection schemes get cracked.
One is that the binding is removed - the obfuscation wasn't good
enough. That's what was being done in the recently published tutorial.
In that case there was no obfuscation at all! Another way is that the
thing the program binds to is swapped out for a duplicate, eg in the
PC world DVD emulation drivers are often used. For Android this
approach means getting a valid license the app accepts in some non-
valid manner.

> Obfuscation isn't really going to do much to improve the situation.

Obfuscation is the only thing that will improve this situation! The
two pronged attack is split down the middle - LVL makes obfuscation
your problem and preventing illegitimate licenses being vended Googles
problem.

Fortunately there's lots of room for creative people to create
interesting obfuscations, either custom for their own product or as a
third party developer who sells copy protection solutions.
Re: Android Market Licensing: Now Available! keyeslabs 8/25/10 5:25 AM
I don't completely buy the assertion that PR wasn't part of the
equation in designing,  announcing, blogging, and writing press
releases about LVL.   Piracy is one of the biggest thorns in the side
of Android at the moment.  If Google doesn't recognize that as both a
technical AND a PR problem, then the platform is in for a very bumpy
ride from an application developer's perspective.

Regardless of whether LVL was intended to be presented as "the
solution to piracy", that's how it came off.  That was my point in my
original prediction -- we're all setting ourselves up for the
perception of failure.  And, here we are...



On Aug 25, 3:40 am, Dianne Hackborn <hack...@android.com> wrote:
> On Tue, Aug 24, 2010 at 1:20 PM, keyeslabs <keyes...@gmail.com> wrote:
> > LVL is flawed in the same ways that AAL (and other similar approaches)
> > is flawed.  Google could do better, and I hope that they will.
> > Obfuscation isn't really going to do much to improve the situation.
> > What is really needed is O/S-level and app store support for signing
> > apps (in real time) based on user credentials, application authors,
> > and phone characteristics.  The dependence on the android market app
> > is a single point of failure that is too easy to search for and find
> > regardless of how obfuscated your code is.
>
> I'm curious, how do you see this helping much?  We are already to the point
> of people having to modify an app to pirate it.  Once you do that, you need
> to strip the credentials off anyway and sign it with your own cert.
>
> > From a technical standpoint, LVL will help to some degree, but I've
> > got to think that in terms of P.R., Google did themselves more harm
> > than good here.
>
> LVL wasn't done for PR, but to have a better solution to forward locking,
> and which eliminates many of the problems of forward locking that have been
> causing trouble for a long time.
>
> --
> Dianne Hackborn
> Android framework engineer
> hack...@android.com
Re: Android Market Licensing: Now Available! keyeslabs 8/25/10 8:13 AM
> All copy protection systems have two parts - something they bind to,
> and the obfuscation that makes it harder to rip that binding out.

This is basically correct, if you assume that things like encryption
are bundled under the umbrella of obfuscation.

> So there are obviously two ways copy protection schemes get cracked.
> One is that the binding is removed - the obfuscation wasn't good
> enough. That's what was being done in the recently published tutorial.
> In that case there was no obfuscation at all!

This isn't true.  If you look back at the article on AndroidPolice
proguard was used on at least one of the applications.  Furthermore,
my contention has been all along that code obfuscation is not going to
protect apps all that well.  Manual LVL modification might be able to
make it difficult for "auto-crack" scripts to remove LVL without human
intervention, but I think that regular old obfuscation is going to not
be very effective.

> Obfuscation is the only thing that will improve this situation! The
> two pronged attack is split down the middle - LVL makes obfuscation
> your problem and preventing illegitimate licenses being vended Googles
> problem.

Again, my contention is that something stronger than obfuscation is
needed to lock the APK down.  OS-level APK encryption support in
addition to license verification.   I would like to see us get to the
point that users must choose to root the phone (similar to Apple) in
order to use pirated apps.  Better yet, users must root the phone and
in so doing remove the legal ability to access some desirable piece of
software.

I realize that it's easy for me to rant on about what I want, and very
difficult for Google to strike the right balance between open and
lucrative.  My fear at this point is that we're establishing a culture
of piracy on Android that is going to be difficult to turn around.

Dave
Re: [android-developers] Re: Android Market Licensing: Now Available! Dianne Hackborn 8/25/10 9:59 AM
On Wed, Aug 25, 2010 at 1:56 AM, Mark Carter <mjc...@googlemail.com> wrote:
Yes, I want a simple way to reach out to a market that is likely to be tens (hundreds?) of millions of users in a couple of years' time. 

I see lots of tablets out there that don't run Android Market but run my app fine (unless I enable LVL, of course).

I think we can assume that Market will be on tablets.  Tablets that meet the compatibility requirements, of course.
 
However, I'm more interested in the Chinese market.
Looking at it another way - I spend loads of time working around device-specific issues on devices that HAVE passed CTS, so what's the difference?

Ummm...  an order of magnitude, I'd say. :}  Honestly, I don't think you realize how much is being done to keep the devices consistent for developers via CTS, CDD, and the Market.  When you get outside of that, it's going to be a whole lot more crazy.
 
Let's suppose a non-CTS device is released and it breaks loads of apps in the Market. Then people won't buy that device. So the more popular devices will probably be sufficiently compatible.

I don't think that is so clear.  Most users who paid for their device see it working fine.  They install your app.  It breaks.  Who do they blame?  Most likely your app.

Anyway, this is a pretty theoretical discussion.  Going through the work of implementing a Market-based payment/licensing system for stuff not acquired through the Market is significantly lower on our priority list than many other things.  It would be much better to use that time on improving market, expanding the supported countries, developing more support for device configurations, etc.
 
It's not about cutting out the Market - Google has done that by not supporting paid apps in all but 13 countries. It's about giving devs a licensing solution to sales made to users who cannot purchase paid apps through the Market app (either because the Market app does not exist or because their SIM card has the wrong country code).

Yes, so expanding the supported countries would be good.  I don't see how one can imagine that dedicating the resources to some generic licensing solution (which is completely different than the current one since it couldn't be tied to the user paying through market but something else) would be a better use of time.

In fact, other people already have such things on other app stores.  Why not just use them?  What would Market give you here at all?

--
Dianne Hackborn
Android framework engineer
hac...@android.com
Re: [android-developers] Re: Android Market Licensing: Now Available! Dianne Hackborn 8/25/10 10:04 AM
On Wed, Aug 25, 2010 at 8:13 AM, keyeslabs <keye...@gmail.com> wrote:
Again, my contention is that something stronger than obfuscation is
needed to lock the APK down.  OS-level APK encryption support in
addition to license verification.   I would like to see us get to the
point that users must choose to root the phone (similar to Apple) in
order to use pirated apps.  Better yet, users must root the phone and
in so doing remove the legal ability to access some desirable piece of
software.

Yeah there we are.  As far as I can see, the next step in preventing piracy is to not allow users to install apps outside of Market at all.

We're not going to do that.

If there are other suggestions that will actually make things harder without doing that, I would certainly like to hear them.  At this point people need to modify apps; once they are doing that, there aren't too many more things to do except make it harder to remove the illegal use check code out of the app.
 
I realize that it's easy for me to rant on about what I want, and very
difficult for Google to strike the right balance between open and
lucrative.  My fear at this point is that we're establishing a culture
of piracy on Android that is going to be difficult to turn around.

Um there is a culture of piracy *everywhere*. :}

If you are saying that because you think most people are pirating Android apps...  I think your perception of things is probably pretty off.  I know lots of people who have Android devices, and none of them even think of turning on the option to install from external sources, let alone go out and find pirated apps.

Re: [android-developers] Re: Android Market Licensing: Now Available! Dianne Hackborn 8/25/10 10:05 AM
On Wed, Aug 25, 2010 at 5:25 AM, keyeslabs <keye...@gmail.com> wrote:
I don't completely buy the assertion that PR wasn't part of the
equation in designing,  announcing, blogging, and writing press
releases about LVL.   Piracy is one of the biggest thorns in the side
of Android at the moment.  If Google doesn't recognize that as both a
technical AND a PR problem, then the platform is in for a very bumpy
ride from an application developer's perspective.

I think I'll bow out of this discussion.  It looks like you are trying to read the worst in what I write, so I don't think there is much more useful we can discuss here.

--
Dianne Hackborn
Android framework engineer
hac...@android.com
Re: [android-developers] Re: Android Market Licensing: Now Available! Kostya Vasilyev 8/25/10 10:13 AM
 25.08.2010 21:04, Dianne Hackborn пишет:

> If there are other suggestions that will actually make things harder
> without doing that, I would certainly like to hear them.
Um, make the Market App side of LVL check that the application making
LVL calls is signed with the same key as the .apk uploaded to Developer
Home?

Seems this would make attacks based on code modifications pretty much
impossible, since a modified .apk is signed with a different key from
the developer's.

--
Kostya Vasilev -- WiFi Manager + pretty widget -- http://kmansoft.wordpress.com


Re: Android Market Licensing: Now Available! keyeslabs 8/25/10 10:21 AM
Sorry if things are coming off that way Dianne.  I'm passionate about
this topic (obviously), but I only admire and respect you (in
particular) and the Android team in general.  You've saved my butt
more than once.  :)

I'm invested here.  I'm all in on Android and success of the platform
matters to me.  I want you to succeed just as much as I'm assuming you
want developers to succeed.

On Aug 25, 1:05 pm, Dianne Hackborn <hack...@android.com> wrote:
> On Wed, Aug 25, 2010 at 5:25 AM, keyeslabs <keyes...@gmail.com> wrote:
> > I don't completely buy the assertion that PR wasn't part of the
> > equation in designing,  announcing, blogging, and writing press
> > releases about LVL.   Piracy is one of the biggest thorns in the side
> > of Android at the moment.  If Google doesn't recognize that as both a
> > technical AND a PR problem, then the platform is in for a very bumpy
> > ride from an application developer's perspective.
>
> I think I'll bow out of this discussion.  It looks like you are trying to
> read the worst in what I write, so I don't think there is much more useful
> we can discuss here.
>
> --
> Dianne Hackborn
> Android framework engineer
> hack...@android.com
Re: Android Market Licensing: Now Available! strazzere 8/25/10 10:31 AM
I'm not sure how this would make code modification impossible?

You patch the application, make it always return a "yes, it was ok" to
the licensing service inside the apk. Application then requests
authentication, it fails, failure comes to application which still
continues to say "yes, it was ok".

So yes, your going to have the market return a fail always, but if
you've patched the application to *not* care, how is that actually
helping?

-Tim
Re: Android Market Licensing: Now Available! keyeslabs 8/25/10 10:33 AM
> Yeah there we are.  As far as I can see, the next step in preventing piracy
> is to not allow users to install apps outside of Market at all.
>
> We're not going to do that.

That's not what I was picturing.  Isn't there some way that we could
do both?  Apps downloaded from market could be encrypted and only
decrypted by the OS when used (in real time, never decrypted and left
as an open APK on the device).  I guess what I'm looking for is the
market to encrypt and sign an APK in real time for a particular user/
phone when downloaded.  Each download would result in different bytes
for each user/phone

This doesn't necessarily preclude the installation of unencrypted apps
does it?  I totally agree that we need app distribution capabilities
outside the context of Android Market -- it's a necessity for an open
platform.

In a nutshell, what I'm hoping LVL can grow into is a system that
packages license verification in a way that is really really hard to
remove.  It seems like we've got half of that equation nicely under
way with LVL in its current form.

Dave

On Aug 25, 1:04 pm, Dianne Hackborn <hack...@android.com> wrote:
> hack...@android.com
Re: Android Market Licensing: Now Available! keyeslabs 8/25/10 10:46 AM
> Um there is a culture of piracy *everywhere*. :}
>
> If you are saying that because you think most people are pirating Android
> apps...  I think your perception of things is probably pretty off.  I know
> lots of people who have Android devices, and none of them even think of
> turning on the option to install from external sources, let alone go out and
> find pirated apps.

You're correct.  My perception could very well be off.  Without a
doubt I see VERY high piracy rates on my software in Android market
(see here: bit.ly/9ZYrh7).  In my paranoid mind I've always
distributed this tendency towards piracy uniformly across the Android
user base.

I think that it's a good point that this is likely NOT true though.
As many have pointed out, piracy is motivated by different things,
including the inability to purchase from the market, over-priced apps,
etc.  These motivations don't exist everywhere or for every app, and
so my guess is that there are piracy hot spots around the globe.

Actually, that would be a very interesting study.  I think that I may
even have the raw data to do it for my own app.  My app tracks coarse-
grained (city-level) location information, and I think that I could
extract that same information from Google Checkout records.  I smell a
weekend going up in smoke... :)

Dave

On Aug 25, 1:04 pm, Dianne Hackborn <hack...@android.com> wrote:
> hack...@android.com
Re: [android-developers] Re: Android Market Licensing: Now Available! antlers 8/25/10 10:50 AM
Encrypting the .apk is like forward-locking; it is easily defeated on
rooted phones.
Re: [android-developers] Re: Android Market Licensing: Now Available! Mark Carter 8/25/10 10:55 AM
How about allowing the dev to specify response int values in the Dev Console?

The recent "crack" script would (probably) not be able to work out which code means what. Therefore, a pirate would have to crack each app individually.

That's right isn't it? The automation only works because LICENSED is always the same int value...

--
You received this message because you are subscribed to the Google
Groups "Android Developers" group.
To post to this group, send email to android-d...@googlegroups.com
To unsubscribe from this group, send email to
android-developers+unsubscribe@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/android-developers?hl=en

Re: Android Market Licensing: Now Available! keyeslabs 8/25/10 12:48 PM
Isn't that only because the APK gets decrypted and written to "disk"
as opposed to only being done in transient memory as the application
is launched?  There's an application startup overhead obviously to
decrypting the APK on-the-fly, but seems like a much higher bar than
just cp /data/app/foo.apk...

Dave

On Aug 25, 1:50 pm, Michael MacDonald <googlec...@antlersoft.com>
wrote:
Re: [android-developers] Re: Android Market Licensing: Now Available! frankw 8/25/10 1:17 PM
Maybe this is a dumb question, but what are some ROI benchmarks for
piracy prevention (for Android apps)?

For example, if a publisher spends X dollars on piracy prevention
(however effective it may be) the revenue goes up (or down) by Y
dollars.

Just curious if piracy prevention is more objective or more
subjective, in other words does it improve the bottom line or just
make you feel good.

Another interesting question is what kinds and levels of piracy
prevention maximize Y/X.

Re: [android-developers] Re: Android Market Licensing: Now Available! Kostya Vasilyev 8/25/10 1:41 PM
 Tim,

Removing or stubbing calls to licensing service inside Market App is
difficult, since those calls use encrypted responses. This is not
trivial to mess with.

The LVL library and the application, or the communication between them,
is the easier point of attack.  In fact, the original blog post
described a hack that messed with the way the application communicated
with the LVL.

A hack that is not overly complicated makes an application that still
communicates with Android Market, but, because of code changes, is
signed with a new key. This is the case that can be detected.

-- Kostya

25.08.2010 21:31, strazzere пишет:


--
Kostya Vasilyev -- WiFi Manager + pretty widget -- http://kmansoft.wordpress.com

Re: Android Market Licensing: Now Available! Eric F 8/25/10 2:17 PM
I agree and I don't see how people are missing this valuable point you
make Mark.

Currently we are at: crackers must modify the program code to allow
piracy

From here there are two ways to make piracy more difficult:
A) Make secure, non-rooted phones reject apps so that even a cracked
app won't run on a stock phone
B) Make crackers actually have to write code instead of just flip a
dalvik op somewhere

The problem with A is that for every app name SuperCoolWidget, there
could exist an app called SuperAwesomeWidget that has the same code
minus the call to LVL, so Google would have to disallow all non-market
apps to really make this work. Also, say for example they *did* want
to pursue this route. Obviously disabling side-loading isn't on the
table. But if say you wanted to check an applications full name
com.appdev.android.supercoolwidget etc to make sure that it isn't on
the market and doesn't have a checkmark that says "prevent
sideloading". Then at the very least now phones need a valid internet
connection to side load an app. So it's not going to be just a war
against pirates it's also to some extend degrading honest customers'
experiences.

I think the reliance on binder -> Market probably is going to make
automated cracks a little easier for pirates since I feel like these
kinds of calls will be easy to automatically find in apps.

So the final security measure B) is to simply make the hackers have to
write code. Granted I'm no security expert, but it seems to me that
the only thing that can be done is on the google LVL server. You can
upload a simple java class with a function that takes in:

Some basic information about the device the app is supposedly
installed on, possibly something time based like an integer that is
based on the date that the security policy of the app would determine
as the expiration date of the last LVL authentication. And returns an
array of bytes. The function wouldn't have access to any java
threading etc, and would be limited to a short runtime or something.

Then developers would have to make a call to LVL, then do something
like getSettings().setImportantSetting(lvlResponseData[5] +
lvlResponseData[1] - phone.DeviceSpecificInformation +
lvlAuthExpirationDateInt)

Where the online service feeds it data that will balance out with the
code in the apk to actually result in the value the setting is
supposed to have. really it becomes like a complex captcha for
crackers. They can still crack an app. But more importantly is the
actual obfuscation, like say you need a 5 in your code, you could use
an LVL web service which knows the specifics of your app to generate a
5 as well as generate the server side function that outputs the data
necessary.

So that hackers would have to figure out each time you update your app
how to crack it manually. That is what will actually stop the value of
piracy. Updates. If your app receives constant updates but people
pirating your app have to stick with an old one because the hackers
can't be bothered to keep cracking your app over and over again that
is the only way.

Of course I don't really see it being worth it, but I don't see any
other way to make the system more secure without moving a piece of
your code into the cloud.

-E
> > android-developers+unsubscribe@googlegroups.com<android-developers%2Bunsubs cr...@googlegroups.com>
Re: Android Market Licensing: Now Available! Feelsocial 8/25/10 9:31 PM
Hi String , i have uploaded and saved my new licensed version 2 of my
application on market. And testing on my emulator but its still not
allowing. My version 2 is still not published? Moreover, application
licensed version 1 was running fine.Help me plzz..

Thanks,



On Aug 21, 2:29 pm, String <sterling.ud...@googlemail.com> wrote:
> I think you need to upload an APK with versioncode="2" to your Market
> console. You don't need to publish it, but you do need to upload and
> save that version before LVL will give a correct response for it.
>
> String
>
> On Aug 21, 9:15 am, Feelsocial <feelsocial.andr...@gmail.com> wrote:
>
> > Hi all,
>
> > I am facing the problem in licensing of my old published paid apps.
> > Basically i have paid app which is published by version code 1. I
> > implemented the license code on it, it working fine to me. Licensing
> > server giving the response or allow that you can use it. But once i
> > changed version code from 1 to 2 in manifest file, then licensing
> > service not allow to use the app.Server giving the response dont
> > allow. I not understanderd, y it has relation with version code? i
> > can't publish the update version.???
>
> > Moreover, i am already login to my publisher account, i have setting
> > of LICENSED in edit profile section.
>
> > Is any body can help me?...... Helppppp
Re: Android Market Licensing: Now Available! keyeslabs 8/26/10 1:50 PM
Had time to take a look at this raw data.  You can see results here if
you're interested.  Some things surprised me: http://bit.ly/bSaoBe.
Re: Android Market Licensing: Now Available! Feelsocial 8/26/10 8:44 PM
HI Trevor Johns. i am testing in AVD of froyo 2.2 (Google API) and
login with my market account in google account. The question is that
when i changed the my app version from 1 to 2, google licensing server
not allowing me to use app. Where when i again change it to 2 from 1,
its allowin me to use app. So in short, app version 1 is working fine
where app version 2 not.What mistake i am doing ? Please help me....

THANKS...
Re: Android Market Licensing: Now Available! String 8/26/10 11:11 PM
I suggest you start a new thread for this issue; this "sticky" topic
is better used for generalized discussion of LVL, not debugging of
individual issues.

String
Re: Android Market Licensing: Now Available! Nicolas Thibaut 8/28/10 3:02 PM
I have implemented the LVL to send event on private webservices each
time the market respond an NOT ALLOWED.

Five minutes after the submission to android market, some events were
throwed.
How can this be possible ?

how a pirated app can be updated 5 minutes after a submission ?
Re: Android Market Licensing: Now Available! Mike Hearn 9/1/10 11:32 AM
> In a nutshell, what I'm hoping LVL can grow into is a system that
> packages license verification in a way that is really really hard to
> remove.  It seems like we've got half of that equation nicely under
> way with LVL in its current form.

The sort of anti-piracy system you're after is essentially what games
consoles use - it's very easy for the developer, in fact, they need do
nothing at all and (for games distributed online) they are piracy
proof.

But the costs of this system are enormous, and problematically, fall
squarely on the device manufacturer (Microsoft/Sony). If Android were
to try and adopt this sort of scheme, you can forget about

- Competing hardware vendors
- Frequent new hardware releases
- Cost-competitive devices (ie they'd be more expensive than the
iPhone)
- Open source

Android obviously chose to go down the route of having a competitive
hardware and software space, at the cost of having piracy.

There is a phone platform that matches the above criteria, the iPhone,
but Apple didn't bother to make the investment in security required so
you get all the downsides and none of the upsides.

> That's not what I was picturing.  Isn't there some way that we could
> do both?  Apps downloaded from market could be encrypted and only
> decrypted by the OS when used (in real time, never decrypted and left
> as an open APK on the device).

This is easily defeated by modifying the (open source!) runtime to
dump the decrypted version.

Worse, once done it applies to every app. We're back to the universal
crack.

The reason I keep harping on about strong, app specific code
obfuscation etc is precisely because you DO need to encrypt your app
but you DON'T want to do it the same way as everyone else, which an
Android provided solution would imply.

Nothing says there can't be a PC-style reusable toolkit that you can
easily integrate into your app, but it'd be provided by third parties
rather than the Android project.

Re: Android Market Licensing: Now Available! Droid 9/3/10 3:15 AM
The sample App (android-sdk-windows\market_licensing\sample) red lines
on :

import com.android.vending.licensing.AESObfuscator;
import com.android.vending.licensing.LicenseChecker;
import com.android.vending.licensing.LicenseCheckerCallback;
import com.android.vending.licensing.ServerManagedPolicy;

in my set-up. No idea where these classes are. My fault I am sure....


On Jul 28, 5:01 pm, Joseph Earl <joseph.w.e...@gmail.com> wrote:
> Not with this system as far as I'm aware - users will have to purchase
> a new license when changing to a phone running a different OS.
> You'll have to continue using your own system if you want this kind of
> functionality.
>
> On Jul 28, 12:44 pm, sblantipodi <perini.dav...@dpsoftware.org> wrote:
>
>
>
> > Hi all...
> > When you bought my software you bought a license, this license can be
> > ported from android to other platform like Symbian, Winmob, bada,
> > JavaME, Blackberry...
>
> > Every customers who bought my license is registered on our database,
> > (email address and device id),
> > this let me generate a new activation code in case he want to switch
> > the license from android to xx platform.
>
> > Is there an easy way to update my database when a customer bought my
> > software with the email address and device id of the customer who
> > bought the software or legally activated it?
>
> > Thanks.
Re: Android Market Licensing: Now Available! Droid 9/3/10 3:30 AM
Oh, OK, found it now. I have to reference the library project to get
rid of import red squiggles.
Re: Android Market Licensing: Now Available! pilot...@gmail.com 9/3/10 4:31 AM
Have you had a look here?

http://developer.android.com/guide/publishing/licensing.html

Greets

Nicholas
Re: Android Market Licensing: Now Available! Lance Nanek 9/5/10 12:03 AM


>how a pirated app can be updated 5 minutes after a submission ?

I actually have seen a repeatable case where the Market app will start
tracking an app as if it were purchased when it wasn't. Back when my
G1 was running Android 1.5, I had one of my paid apps installed
already, then tried to buy it in the Market to test if purchasing was
working correctly. This results in an error during the checkout
process because you can't buy your own app, so there is no charge to
your Google Checkout account, but after that error, the Market app
started treating the install as if it had been done by the Market app.
It let me post a comment, etc. whereas it hadn't before. This was
fixed in later versions, but I'm just bringing it up as an example of
where the Market app on the phone can behave as if you own something
that presumably the Google servers know you don't.

Additionally, I've seen threads elsewhere by people with rooted phones
where they were intentionally changing things in the Market app's
database. This was being done to fix the problem where the Market
never starts a download. I get that a lot myself, but I don't have any
rooted phones, so I'm stuck doing the clear various app's data from
the settings magic ritual to fix that problem. But, anyway, I'm just
bringing this second thing up as an example of where some phone owners
intentionally manipulate the Market app's database. I've also seen
people list the database schema it uses as well.

In conclusion, I wouldn't be surprised if it were possible to tweak
the Market app database on a rooted phone to make it think it had
installed an app that was really obtained via piracy. Thereafter it
might offer to update the app automatically, just like any other app
it had installed.

Phew, there's probably a simpler situation out there that is more
likely, but that's an interesting one that comes to mind.

People do scrape the market automatically for information to make
market listing web sites. Maybe others' scrape it automatically to
pull down any app as it appears in the just in section.
Re: Android Market Licensing: Now Available! Mark Carter 10/26/10 6:55 AM
On some Motorola devices, I get an NPE when calling
LicenseChecker.onDestroy():

android.os.MessageQueue.enqueueMessage:183
android.os.Looper.quit:173
com.android.vending.licensing.LicenseChecker.onDestroy:281

Example device:

Motorola CLIQ / DEXT
model: MB200
display: CUPCAKE.1.4.8

Also:

Motorola CLIQ XT / Quench
model: MB501
display: CUPCAKE.1.31.44

Doesn't seem to happen on any other devices...

Any ideas?
This message has been hidden because it was flagged for abuse.
More topics »