1 page.title=Licensing Overview 2 parent.title=Application Licensing 3 parent.link=index.html 4 @jd:body 5 6 7 <div id="qv-wrapper"> 8 <div id="qv"> 9 10 <h2>Quickview</h2> 11 <ul> 12 <li>Licensing allows you to verify your app was purchased from Google Play</li> 13 <li>Your app maintains control of how it enforces its licensing status</li> 14 <li>The service is free for all developers who publish on Google Play</li> 15 </ul> 16 17 <h2>In this document</h2> 18 <ol> 19 <li><a href="#Secure">License Responses are Secure</a></li> 20 <li><a href="#LVL">Licensing Verification Library</a></li> 21 <li><a href="#Reqs">Requirements and Limitations</a></li> 22 <li><a href="#CopyProtection">Replacement for Copy Protection</a></li> 23 </ol> 24 25 </div> 26 </div> 27 28 29 <p>Google Play Licensing is a network-based service that lets an application query a trusted 30 Google Play licensing server to determine whether the application is licensed to the current 31 device user. The licensing service is based on the capability of the Google Play licensing server 32 to determine whether a given user is licensed to use a given application. Google Play considers a 33 user to be licensed if the user is a recorded purchaser of the application.</p> 34 35 <p>The request starts when your application makes a request to a service hosted by 36 the Google Play client application. The Google Play application then sends a request to 37 the licensing server and receives the result. The Google Play application sends 38 the result to your application, which can allow or disallow further use of the 39 application as needed.</p> 40 41 <p class="note"><strong>Note:</strong> If a paid application has been uploaded 42 to Google Play, but saved only as a draft application (the app is 43 unpublished), the licensing server considers all users to be licensed users of 44 the application (because it's not even possible to purchase the app). This 45 exception is necessary in order for you to perform testing of your licensing 46 implementation.</p> 47 48 <div class="figure" style="width:469px"> 49 <img src="{@docRoot}images/licensing_arch.png" alt=""/> 50 <p class="img-caption"><strong>Figure 1.</strong> Your application initiates a 51 license check through the License Verification Library and the Google Play 52 client, which handles communication with the Google Play server.</p> 53 </div> 54 55 56 <p>To properly identify the user and determine the license status, the licensing server requires 57 information about the application and user—your application and the Google Play client work 58 together to assemble the information and the Google Play client passes it to the server. </p> 59 60 <p>To help you add licensing to your application, the Android SDK provides a downloadable set of 61 library sources that you can include in your application project: the Google Market 62 Licensing package. The License Verification Library (LVL) is a library you can add to your 63 application that 64 handles all of the licensing-related communication with the Google Play licensing service. With 65 the LVL added to your application, your application can determine its licensing status for the 66 current user by simply calling a method and implementing a callback that receives the status 67 response.</p> 68 69 <p>Your application does not query the licensing server 70 directly, but instead calls the Google Play client over remote IPC to 71 initiate a license request. In the license request:</p> 72 73 <ul> 74 <li>Your application provides: its package name, a nonce that is later used to 75 validate any response from the server, and a callback over which the 76 response can be returned asynchronously.</li> 77 <li>The Google Play client collects the necessary information about the user and the device, 78 such as the device's primary Google account username, IMSI, and other 79 information. It then sends the license check request to the server on behalf of 80 your application.</li> 81 <li>The Google Play server evaluates the request using all available information, attempting 82 to establish the user's identity to a sufficient level of confidence. The server 83 then checks the user identity against purchase records for your application and 84 returns a license response, which the Google Play client returns to your 85 application over the IPC callback.</li> 86 </ul> 87 88 <p>You can choose when, and how often, you want your application to check its 89 license and you have full control over how it handles the response, verifies the 90 signed response data, and enforces access controls.</p> 91 92 <p>Notice that during a license check, your application does not manage any 93 network connections or use any licensing related APIs in the Android platform.</p> 94 95 96 97 98 <h2 id="Secure">License Responses are Secure</h2> 99 100 <p>To ensure the integrity of each license query, the server signs the license 101 response data using an RSA key pair that is shared exclusively between the Google Play 102 server and you.</p> 103 104 <p>The licensing service generates a single licensing key pair for each 105 application and exposes the public key in your application's 106 <strong>Services & APIs</strong> page in the Developer Console. You must copy 107 the public key from the Developer Console and embed it in your application 108 source code. The server retains the private key internally and uses it to sign 109 license responses for the applications you publish with that account.</p> 110 111 <p>When your application receives a signed response, it uses the embedded public 112 key to verify the data. The use of public key cryptography in the licensing 113 service makes it possible for the application to detect responses that have been 114 tampered with or that are spoofed.</p> 115 116 117 118 119 <h2 id="LVL">Licensing Verification Library</h2> 120 121 <p>The Android SDK provides a downloadable package called the Google Market Licensing package, 122 which includes the License Verification Library (LVL). The LVL greatly simplifies the process of 123 adding licensing to your application and helps ensure a more secure, robust implementation for your 124 application. The LVL provides internal classes that handle most of the standard operations of a 125 license query, such as contacting the Google Play client to initiate a license request and 126 verifying and validating the responses. It also exposes interfaces that let you easily plug in your 127 custom code for defining licensing policy and managing access as needed by your application. The key 128 LVL interfaces are: </p> 129 130 <dl> 131 <dt>{@code Policy}</dt> 132 <dd>Your implementation determines whether to allow access to the 133 application, based on the license response received from the server and any 134 other data available (such as from a backend server associated with your 135 application). The implementation can evaluate the various fields of the license 136 response and apply other constraints, if needed. The implementation also lets 137 you manage the handling of license checks that result in errors, such as network 138 errors.</dd> 139 140 <dt>{@code LicenseCheckerCallback}</dt> 141 <dd>Your implementation manages access to the 142 application, based on the result of the {@code Policy} object's handling of the license 143 response. Your implementation can manage access in any way needed, including 144 displaying the license result in the UI or directing the user to purchase the 145 application (if not currently licensed).</dd> 146 </dl> 147 148 149 <p>To help you get started with a {@code Policy}, the LVL provides two fully complete 150 {@code Policy} implementations that you can use without modification or adapt to your 151 needs:</p> 152 153 <dl> 154 <dt><a href="adding-licensing.html#ServerManagedPolicy">{@code ServerManagedPolicy}</a></dt> 155 <dd>A flexible {@code Policy} 156 that uses settings provided by the licensing server to manage response caching 157 and access to the application while the device is offline (such as when the 158 user is on an airplane). For most applications, the use of 159 {@code ServerManagedPolicy} is highly recommended.</dd> 160 161 <dt><a href="adding-licensing.html#StrictPolicy">{@code StrictPolicy}</a></dt> 162 <dd>A restrictive {@code Policy} that 163 does not cache any response data and allows the application access <em>only</em> 164 when the server returns a licensed response.</dd> 165 </dl> 166 167 <p>The LVL is available as a downloadable package of the Android SDK. The 168 package includes both the LVL itself and an example application that shows how 169 the library should be integrated with your application and how your application 170 should manage response data, UI interaction, and error conditions. </p> 171 172 <p>The LVL sources are provided as an Android <em>library project</em>, which 173 means that you can maintain a single set of library sources and share them 174 across multiple applications. A full test environment is also available through 175 the SDK, so you can develop and test the licensing implementation in your 176 applications before publishing them, even if you don't have access to a 177 physical device.</p> 178 179 180 181 182 <h2 id="Reqs">Requirements and Limitations</h2> 183 184 <p>Google Play Licensing is designed to let you apply license controls to 185 applications that you publish through Google Play. The service is not 186 designed to let you control access to applications that are not published 187 through Google Play or that are run on devices that do not offer the Google 188 Play client. </p> 189 190 <p>Here are some points to keep in mind as you implement licensing in your 191 application: </p> 192 193 <ul> 194 <li>An application can use the service only if the Google Play client is 195 installed on its host device and the device is running Android 1.5 (API level 3) 196 or higher.</li> 197 <li>To complete a license check, the licensing server must be accessible over 198 the network. You can implement license caching behaviors to manage access to your application when 199 there is no network connectivity. </li> 200 <li>The security of your application's licensing controls ultimately relies on 201 the design of your implementation itself. The service provides the building 202 blocks that let you securely check licensing, but the actual enforcement and 203 handling of the license are factors are up to you. By following the best 204 practices in the following documents, you can help ensure that your implementation will be 205 secure.</li> 206 <li>Adding licensing to an application does not affect the way the application 207 functions when run on a device that does not offer Google Play.</li> 208 <li>You can implement licensing controls for a free app, but only if you're using the service to 209 provide <a 210 href="{@docRoot}google/play/expansion-files.html">APK expansion files</a>.</li> 211 </ul> 212 213 214 215 <h2 id="CopyProtection">Replacement for Copy Protection</h2> 216 217 <p>Google Play Licensing is a flexible, secure mechanism for controlling 218 access to your applications. It effectively replaces the Copy Protection 219 mechanism (no longer supported) that was previously offered on Google Play and 220 gives you wider distribution potential for your applications. </p> 221 222 <p>Licensing lets you move to a license-based model that is enforceable on 223 all devices that have access to Google Play. Access is not bound to the 224 characteristics of the host device, but to your 225 application on Google Play (through the app's public key) and the 226 licensing policy that you define. Your application can be installed and 227 managed on any device on any storage, including SD card.</p> 228 229 <p>Although no license mechanism can completely prevent all unauthorized use, 230 the licensing service lets you control access for most types of normal usage, 231 across all compatible devices, locked or unlocked, that run Android 1.5 or 232 higher version of the platform.</p> 233 234 <p>To begin adding application licensing to your application, continue to <a 235 href="{@docRoot}google/play/licensing/setting-up.html">Setting Up for Licensing</a>.</p> 236 237 238 239 240 241 242
