Android Developers announced on Tuesday in a post that they have released a licensing service for Android Market apps. The service aims to combat increased piracy of paid Android apps by implementing a system which checks Google's stored libraries of the apps bought by a certain user, and then authorizes the app's function based on what it finds.
Here is the explanation of what this new feature is and how it works from Android Developers:
This simple and free service provides a secure mechanism to manage access to all Android Market paid applications targeting Android 1.5 or higher. At run time, with the inclusion of a set of libraries provided by us, your application can query the Android Market licensing server to determine the license status of your users. It returns information on whether your users are authorized to use the app based on stored sales records.
This licensing service operating real time over the network provides more flexibility in choosing license-enforcement strategies, and a more secure approach in protecting your applications from unauthorized use, than copy protection.
Confused? Android Central tried to make it a bit easier to understand:
* Google sets up a special licensing server, which keeps record of application purchases.
* Developers can use libraries provided by Google that query this server each time the application is started.
* The server then tells the application if the user has a valid license to use the application.
AndroidGuys adds that Google will roll out their new system slowly over the next several months, in an effort to "replace the copy-protection mechanism currently in place."
App developers are encouraged by Android Developers "to check out the Licensing Your Applications section of our Developer Guide and the Android Market Help Center to learn how you can take advantage of this new service immediately."
As for security concerns, Android Developers also noted in a separate post that:
This capability has been in the Android Market client app since 1.5, so you don’t have to be running the latest Android flavor to use it.
It’s secure, based on a public/private key pair. Your requests to the server are signed with the public key and the responses from the server with the private key. There’s one key pair per publisher account.
Your app doesn’t talk directly to the licensing server; it IPCs to the Android Market client, which in turn takes care of talking to the server.
There’s a substantial tool-set that will ship with the SDK, the License Verification Library (LVL). It provides straightforward entry points for querying the server and handling results. Also, it includes modules that you can use to implement certain licensing policies that we expect to be popular.
Image from Android Developers