Android Market Licensing: Now Available!

[Trevor Johns]

Android fans,
For those of you who haven't already heard through our blog, we've
just launched the Android Market licensing service:

http://android-developers.blogspot.com/2010/07/licensing-service-for-android.html

From the above blog post:

"This simple and free service provides a secure mechanism to manage
access to all Android Market paid applications targeting Android 1.5
or higher. At run time, with the inclusion of a set of libraries
provided by us, your application can query the Android Market
licensing server to determine the license status of your users. It
returns information on whether your users are authorized to use the
app based on stored sales records."

Developer documentation is available here:

http://developer.android.com/guide/publishing/licensing.html

Happy coding!

--
Trevor Johns
Google Developer Programs, Android
http://developer.android.com

[Shane Isbell]

Very cool.

--
You received this message because you are subscribed to the Google
Groups "Android Developers" group.
To post to this group, send email to android-d...@googlegroups.com
To unsubscribe from this group, send email to
android-develop...@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/android-developers?hl=en

--
Shane Isbell (Founder of ZappMarket)
http://apps.facebook.com/zappmarket/

[Maps.Huge.Info (Maps API Guru)]

Excellent! Now all we need is a subscription payment model and we can
actually make some money!

-John Coryat

[Anton Persson]

That, and the ability for folks to actually access the paid-for apps... 

Sweden, like probably many countries still, have no access to the paid apps... When will Google understand that this is critical for them to keep the momentum? If the status quo persists, people we give up, pack their bags and spend their money on iFruits instead...

    Regards

       Anton

[Kostya Vasilyev]

What's great is that it's available on all Android versions starting
with 1.5 (i.e. it's not a Froyo only feature).

-- Kostya

27.07.2010 21:55, Trevor Johns пишет:

--
Kostya Vasilev -- WiFi Manager + pretty widget -- http://kmansoft.wordpress.com

[sblantipodi]

excellent, is there some code sample on how to use this new apis?

On Jul 27, 8:42 pm, Kostya Vasilyev <kmans...@gmail.com> wrote:
> What's great is that it's available on all Android versions starting
> with 1.5 (i.e. it's not a Froyo only feature).
>
> -- Kostya
>
> 27.07.2010 21:55, Trevor Johns пишет:
>
>
>
> > Android fans,
> > For those of you who haven't already heard through our blog, we've
> > just launched the Android Market licensing service:
>

> >http://android-developers.blogspot.com/2010/07/licensing-service-for-...

[Trevor Johns]

Yes. There's a code sample that's bundled as part of the library download.

You'll find it in $SDK_ROOT/market_licensing/sample.

-- 
Trevor Johns

Google Developer Programs, Android

http://developer.android.com

[Kaj Bjurman]

I saw that entry, and have a question.

What will happen if the user doesn't have network connectivity? Many
users turn of data traffic when they travel to other countries, but
the probably still want to use the licensed applications.

On 27 Juli, 19:55, Trevor Johns <trevorjo...@google.com> wrote:
> Android fans,
> For those of you who haven't already heard through our blog, we've
> just launched the Android Market licensing service:
>

> http://android-developers.blogspot.com/2010/07/licensing-service-for-...

[Trevor Johns]

Developers can chose whether to implement response caching or not.

Assuming caching is enabled, we require a network connection for the first license check, but then the user can go offline for a period of time before requiring another license check.

-- 
Trevor Johns

Google Developer Programs, Android

http://developer.android.com

[Kostya Vasilyev]

Is caching implemented in the library or in the Market app?

I am concerned about potential abuse, such as replacing cache contents.

--
Kostya Vasilyev -- http://kmansoft.wordpress.com

28.07.2010 0:23 пользователь "Trevor Johns" <trevo...@google.com> написал:

Developers can chose whether to implement response caching or not.

Assuming caching is enabled, we require a network connection for the first license check, but then the user can go offline for a period of time before requiring another license check.

-- 
Trevor Johns

Google Developer Programs, Android

http://developer.android.com

On Tue, Jul 27, 2010 at 1:19 PM, Kaj Bjurman <kaj.b...@gmail.com> wrote:
>

> I saw that entry, ...

--
You received this message because you are subscribed to the Google

Groups "Android Developers" g...

[Trevor Johns]

It's implemented in the library.

Cache contents are protected using a swappable Obfuscator class. We include a standard obfuscator implementation that encrypts cache data using AES-256 and an application-specific key, along with a copy of the device ID. This prevents tampering with cache data, or replaying it across applications/devices. Developers are also free to implement their own Obfuscator if they so choose. (The cache itself contains timestamp data, so there's no point in replaying the cache data for the same application on the same device.)

-- 

Trevor Johns
Google Developer Programs, Android
http://developer.android.com

[Kostya Vasilyev]

OK, great. Thanks for the info.

--
Kostya Vasilyev -- http://kmansoft.wordpress.com

28.07.2010 0:55 пользователь "Trevor Johns" <trevo...@google.com> написал:

It's implemented in the library.

Cache contents are protected using a swappable Obfuscator class. We include a standard obfuscator implementation that encrypts cache data using AES-256 and an application-specific key, along with a copy of the device ID. This prevents tampering with cache data, or replaying it across applications/devices. Developers are also free to implement their own Obfuscator if they so choose. (The cache itself contains timestamp data, so there's no point in replaying the cache data for the same application on the same device.)

-- 
Trevor Johns
Google Developer Programs, Android
http://developer.android.com

On Tue, Jul 27, 2010 at 1:31 PM, Kostya Vasilyev <kman...@gmail.com> wrote:

>
> Is caching implemented in the library or in the Market app?
>

> I am concerned about potential a...

> You received this message because you are subscribed to the Google

> Groups "Android Developers" group.
> To post to this group, send email to android-developers@googl...

--

You received this message because you are subscribed to the Google

Groups "Android Developers" group.
To post to this group, send email to android-developers@googlegro...

[Sebastian Rodriguez]

I agree with Anton Persson. When will Google realize that opening the paid market to all the other countries is crucial for the market environment :(

We don't have access to them here in Singapore either.

But this is a major step already, let's hope for even better!

Seb

--
You received this message because you are subscribed to the Google
Groups "Android Developers" group.

To post to this group, send email to android-d...@googlegroups.com
To unsubscribe from this group, send email to
android-develop...@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/android-developers?hl=en

--
Sebastien Rodriguez

[sblantipodi]

I haven't understood if using this library external obfuscation
(proguard for example) is needed
for security reason or if we can avoid using external obfuscator, it's
quite a pain using proguard in netbeans plus android sdk.

On Jul 27, 10:24 pm, Sebastian Rodriguez <srodrig...@gmail.com> wrote:
> I agree with Anton Persson. When will Google realize that opening the paid
> market to all the other countries is crucial for the market environment :(
> We don't have access to them here in Singapore either.
>
> But this is a major step already, let's hope for even better!
>
> Seb
>

> > android-develop...@googlegroups.com<android-developers%2Bunsu...@googlegroups.com>

[Stephen Lebed]

I just wanted to say a big thank you!

Stephen

On Jul 27, 10:55 am, Trevor Johns <trevorjo...@google.com> wrote:
> Android fans,
> For those of you who haven't already heard through our blog, we've
> just launched the Android Market licensing service:
>

> http://android-developers.blogspot.com/2010/07/licensing-service-for-...

[William Ferguson]

ProGuard obfuscates your compiled code.
The Obfuscator referred to in the Licensing Server doc obfuscates
licensing info retrieved from AppMarket.

[MrChaz]

Great stuff,

I'll certainly be implementing this as soon as I can.

Thanks :)

On Jul 27, 6:55 pm, Trevor Johns <trevorjo...@google.com> wrote:
> Android fans,
> For those of you who haven't already heard through our blog, we've
> just launched the Android Market licensing service:
>

> http://android-developers.blogspot.com/2010/07/licensing-service-for-...

[Mark Carter]

I'm getting NOT_MARKET_MANAGED when using my own gmail account on my
N1 and using "Respond normally". The app is a paid app on the Android
Market. The only difference could be the app signature (I'm debugging
so not doing production signing). My gmail account was used to publish
the app and I have not purchased the app with it.

The other settings like "LICENSED" and "NOT LICENSED" work fine.

Another point (though a minor one) is that its very slow (when it
actually makes the connection). More than 5 secs on my wifi
connection. Is this normal?

On Jul 28, 9:23 am, William Ferguson <william.ferguson...@gmail.com>
wrote:

> > > > android-develop...@googlegroups.com<android-developers%2Bunsubs cr...@googlegroups.com>

[Mark Carter]

Seems that this call in AESObfuscator is taking a few seconds:

SecretKey tmp = factory.generateSecret(keySpec);

[dra...@gmail.com]

Really required in the Republic of Ireland too, Android devices are
getting quite popular here and the time has come to open the paid
market

On Jul 27, 9:24 pm, Sebastian Rodriguez <srodrig...@gmail.com> wrote:
> I agree with Anton Persson. When will Google realize that opening the paid
> market to all the other countries is crucial for the market environment :(
> We don't have access to them here in Singapore either.
>
> But this is a major step already, let's hope for even better!
>
> Seb
>

> > android-develop...@googlegroups.com<android-developers%2Bunsu...@googlegroups.com>

[Mark Carter]

Ok, just figured this out. The version code of the app I was testing was not one that was recognised by the Android Market. So, it is the combination of package name and version code that needs to have been published.

Its sort of explained in line 2317 of the docs :)

"Once an application is uploaded and becomes known to the licensing server, developers and testers can continue modify the application in their local development environment, without having to upload new versions. You only need to upload a new version if the local application increments the versionCode attribute in the manifest file."

[Tomáš Hubálek]

Please open Android Market to more countries. This is really cool
feature but currently useless for me.

And also I would be happy to use this for in-app purchase if possible.

Tom

On 28 čnc, 11:32, Mark Carter <mjc1...@googlemail.com> wrote:
> Ok, just figured this out. The version code of the app I was testing was not
> one that was recognised by the Android Market. So, it is the combination of
> package name and version code that needs to have been published.
>
> Its sort of explained in line 2317 of the docs :)
>
> "Once an application is uploaded and becomes known to the licensing server,
> developers and testers can continue modify the application in their local
> development environment, without having to upload new versions. You only
> need to upload a new version if the local application increments the
> versionCode attribute in the manifest file."
>

[sblantipodi]

Hi all...
When you bought my software you bought a license, this license can be
ported from android to other platform like Symbian, Winmob, bada,
JavaME, Blackberry...

Every customers who bought my license is registered on our database,
(email address and device id),
this let me generate a new activation code in case he want to switch
the license from android to xx platform.

Is there an easy way to update my database when a customer bought my
software with the email address and device id of the customer who
bought the software or legally activated it?

Thanks.

[gcstang]

Excellent!

Thank you

[Joseph Earl]

Not with this system as far as I'm aware - users will have to purchase
a new license when changing to a phone running a different OS.
You'll have to continue using your own system if you want this kind of
functionality.

[Joseph Earl]

Any chance you guys are working a solution for large applications that
will work across Android 1.5-2.1?
Currently the only secure way of doing it is by targeting Froyo only
(using 8 as minSdkVersion) - however it will be at least a year, more
likely 3, before this an acceptable solution to present to my clients
as they obviously want to target as large a market share as possible.

It seems to me this could be one of the big reasons that we don't see
many major games producers on the Android market.

The problems with the current system are:
1) Developer must provide web-server for the files and pay relevant
hosting and bandwidth charges. This is not workable for small
developers if the application is very large (100MBs) and popular as a
developer must shoulder all associated costs.
2) Users have to go through a second download process after installing
the app.
3) There is no security on the data stored on the SD card unless the
files are manually obfuscated or encrypted.

On Jul 27, 6:55 pm, Trevor Johns <trevorjo...@google.com> wrote:

> Android fans,
> For those of you who haven't already heard through our blog, we've
> just launched the Android Market licensing service:
>

> http://android-developers.blogspot.com/2010/07/licensing-service-for-...

[sblantipodi]

Joseph thanks for your reply, using my own system means that I can't
sell my software on the market.
Am I right?

[Joseph Earl]

Not necessarily.
Rather than force users to go to your site to purchase a license code/
key, you'd need to allow users to purchase from Android Market as
usual, and then ask them to enter the Google Checkout code when the
app first launches.
Your own system can then deal with verifying the Checkout code.

For app stores for other platforms you'd use their transaction codes
as well.
Once you've verified a platform-specific code you can always generate
your own one valid for all platforms and give it to the user to use if
they install your app on other platforms (or you could just let them
enter codes from any app-store on a device on any platform - e.g. a
user could enter a Google Checkout code on their iPhone if they had
first purchased from Android Market).

However yours is a very complicated approach to licensing - since you
allow your application to be installed on multiple platforms you need
to have a max limit on how many devices the user can have it installed
concurrently and also provide facilities to activate and de-activate
the license on each device, otherwise all you are validating is the
checkout code/serial key.
Since a user can just post this online, for most developers validation
of a code/key alone is not enough since the same key could be used
across 10,000 devices.

You should be thinking along the lines of something like the approach
iTunes uses for protected music with the ability to register and un-
register devices from a single account.

[Trevor Johns]

A third-party obfuscator is not strictly required, but it certainly adds an additional level of security. We even mention it in our developer docs:

The LVL provides a full Obfuscator implementation called AESObfuscator that uses AES encryption to obfuscate data. You can use AESObfuscator in your application without modification or you can adapt it to your needs. For more information, see the next section.

Alternatively, you can write a custom Obfuscator based on your own code or use an obfuscator program such as ProGuard for additional security.

-- 

Trevor Johns

Google Developer Programs, Android

http://developer.android.com

[Zsolt Vasvari]

I just posted my toughts on the integration process in a separate
thread on this forum, as I didn't want to hijack this one. It might
be interesting read for some people:

http://groups.google.com/group/android-developers/browse_thread/thread/d54f65beff467b26#