1 page.title=Adding Licensing to Your App 2 parent.title=Application Licensing 3 parent.link=index.html 4 @jd:body 5 6 7 8 <div id="qv-wrapper"> 9 <div id="qv"> 10 11 <h2>In this document</h2> 12 <ol> 13 <li><a href="#manifest-permission">Adding the Licensing Permission</a></li> 14 <li><a href="#impl-Policy">Implementing a Policy</a> 15 <ol> 16 <li><a href="#custom-policies">Guidelines for custom policies</a></li> 17 <li><a href="#ServerManagedPolicy">ServerManagedPolicy</a></li> 18 <li><a href="#StrictPolicy">StrictPolicy</a></li> 19 </ol> 20 </li> 21 <li><a href="#impl-Obfuscator">Implementing an Obfuscator</a> 22 <ol> 23 <li><a href="#AESObfuscator">AESObfuscator</a></li> 24 </ol> 25 </li> 26 <li><a href="#impl-lc">Checking the License from an Activity</a> 27 <ol> 28 <li><a href="#lc-overview">Overview of license check and response</a></li> 29 <li><a href="#imports">Add imports</a></li> 30 <li><a href="#lc-impl">Implement LicenseCheckerCallback as a private inner class</a></li> 31 <li><a href="#thread-handler">Create a Handler for posting from LicenseCheckerCallback 32 to the UI thread</a></li> 33 <li><a href="#lc-lcc">Instantiate LicenseChecker and LicenseCheckerCallback</a></li> 34 <li><a href="#check-access">Call checkAccess() to initiate the license check</a></li> 35 <li><a href="#account-key">Embed your public key for licensing</a></li> 36 <li><a href="#handler-cleanup">Call your LicenseChecker's onDestroy() method 37 to close IPC connections</a></li> 38 </ol> 39 </li> 40 <li><a href="#impl-DeviceLimiter">Implementing a DeviceLimiter</a></li> 41 <li><a href="#app-obfuscation">Obfuscating Your Code</a></li> 42 <li><a href="#app-publishing">Publishing a Licensed Application</a></li> 43 <li><a href="#support">Where to Get Support</a></li> 44 </ol> 45 46 </div> 47 </div> 48 49 50 51 <p>After you've set up a publisher account and development environment (see <a 52 href="setting-up.html">Setting Up for Licensing</a>), you are ready to add license verification to 53 your app with the License Verification Library (LVL).</p> 54 55 <p>Adding license verification with the LVL involves these tasks:</p> 56 57 <ol> 58 <li><a href="#manifest-permission">Adding the licensing permission</a> your application's manifest.</li> 59 <li><a href="#impl-Policy">Implementing a Policy</a> — you can choose one of the full implementations provided in the LVL or create your own.</li> 60 <li><a href="#impl-Obfuscator">Implementing an Obfuscator</a>, if your {@code Policy} will cache any 61 license response data. </li> 62 <li><a href="#impl-lc">Adding code to check the license</a> in your application's main 63 Activity.</li> 64 <li><a href="#impl-DeviceLimiter">Implementing a DeviceLimiter</a> (optional and not recommended for 65 most applications).</li> 66 </ol> 67 68 <p>The sections below describe these tasks. When you are done with the 69 integration, you should be able to compile your application successfully and you 70 can begin testing, as described in <a 71 href="{@docRoot}google/play/licensing/setting-up.html#test-env">Setting Up the Test 72 Environment</a>.</p> 73 74 <p>For an overview of the full set of source files included in the LVL, see <a 75 href="{@docRoot}google/play/licensing/licensing-reference.html#lvl-summary">Summary of LVL Classes 76 and Interfaces</a>.</p> 77 78 79 <h2 id="manifest-permission">Adding the Licensing Permission</h2> 80 81 <p>To use the Google Play application for sending a license check to the 82 server, your application must request the proper permission, 83 <code>com.android.vending.CHECK_LICENSE</code>. If your application does 84 not declare the licensing permission but attempts to initiate a license check, 85 the LVL throws a security exception.</p> 86 87 <p>To request the licensing permission in your application, declare a <a 88 href="{@docRoot}guide/topics/manifest/uses-permission-element.html"><code><uses-permission></code></a> 89 element as a child of <code><manifest></code>, as follows: </p> 90 91 <p style="margin-left:2em;"><code><uses-permission 92 android:name="com.android.vending.CHECK_LICENSE" /></code></p> 93 94 <p>For example, here's how the LVL sample application declares the permission: 95 </p> 96 97 <pre><?xml version="1.0" encoding="utf-8"?> 98 99 <manifest xmlns:android="http://schemas.android.com/apk/res/android" ..."> 100 <!-- Devices >= 3 have version of Google Play that supports licensing. --> 101 <uses-sdk android:minSdkVersion="3" /> 102 <!-- Required permission to check licensing. --> 103 <uses-permission android:name="com.android.vending.CHECK_LICENSE" /> 104 ... 105 </manifest> 106 </pre> 107 108 <p class="note"><strong>Note:</strong> Currently, you cannot declare the 109 <code>CHECK_LICENSE</code> permission in the LVL library project's manifest, 110 because the SDK Tools will not merge it into the manifests of dependent 111 applications. Instead, you must declare the permission in each dependent 112 application's manifest. </p> 113 114 115 <h2 id="impl-Policy">Implementing a Policy</h2> 116 117 <div class="sidebox-wrapper"> 118 <div class="sidebox"> 119 <h2>ServerManagedPolicy</h2> 120 121 <p>The LVL includes a complete {@code Policy} implementation called ServerManagedPolicy 122 that makes use of license-management settings provided by the Google Play 123 server. </p> 124 125 <p style="margin-top:.5em;">Use of ServerManagedPolicy as the basis for your 126 Policy is strongly recommended. For more information, see <a 127 href="#ServerManagedPolicy">ServerManagedPolicy</a> section, below.</p> 128 129 </div> 130 </div> 131 132 <p>Google Play licensing service does not itself determine whether a 133 given user with a given license should be granted access to your application. 134 Rather, that responsibility is left to a {@code Policy} implementation that you provide 135 in your application.</p> 136 137 <p>Policy is an interface declared by the LVL that is designed to hold your 138 application's logic for allowing or disallowing user access, based on the result 139 of a license check. To use the LVL, your application <em>must</em> provide an 140 implementation of {@code Policy}. </p> 141 142 <p>The {@code Policy} interface declares two methods, <code>allowAccess()</code> and 143 <code>processServerResponse()</code>, which are called by a {@code LicenseChecker} 144 instance when processing a response from the license server. It also declares an 145 enum called <code>LicenseResponse</code>, which specifies the license response 146 value passed in calls to <code>processServerResponse()</code>. </p> 147 148 <ul> 149 <li><code>processServerResponse()</code> lets you preprocess the raw response 150 data received from the licensing server, prior to determining whether to grant 151 access. 152 153 <p>A typical implementation would extract some or all fields from the license 154 response and store the data locally to a persistent store, such as through 155 {@link android.content.SharedPreferences} storage, to ensure that the data is 156 accessible across application invocations and device power cycles. For example, 157 a {@code Policy} would maintain the timestamp of the last successful license check, the 158 retry count, the license validity period, and similar information in a 159 persistent store, rather than resetting the values each time the application is 160 launched.</p> 161 162 <p>When storing response data locally, the {@code Policy} must ensure that the data is 163 obfuscated (see <a href="#impl-Obfuscator">Implementing an Obfuscator</a>, 164 below).</p></li> 165 166 <li><code>allowAccess()</code> determines whether to grant the user access to 167 your application, based on any available license response data (from the 168 licensing server or from cache) or other application-specific information. For 169 example, your implementation of <code>allowAccess()</code> could take into 170 account additional criteria, such as usage or other data retrieved from a 171 backend server. In all cases, an implementation of <code>allowAccess()</code> 172 should only return <code>true</code> if the user is licensed to use the 173 application, as determined by the licensing server, or if there is a transient 174 network or system problem that prevents the license check from completing. In 175 such cases, your implementation can maintain a count of retry responses and 176 provisionally allow access until the next license check is complete.</li> 177 178 </ul> 179 180 <p>To simplify the process of adding licensing to your application and to 181 provide an illustration of how a {@code Policy} should be designed, the LVL includes 182 two full {@code Policy} implementations that you can use without modification or 183 adapt to your needs:</p> 184 185 <ul> 186 <li><a href="#ServerManagedPolicy">ServerManagedPolicy</a>, a flexible {@code Policy} 187 that uses server-provided settings and cached responses to manage access across 188 varied network conditions, and</li> 189 <li><a href="#StrictPolicy">StrictPolicy</a>, which does not cache any response 190 data and allows access <em>only</em> if the server returns a licensed 191 response.</li> 192 </ul> 193 194 <p>For most applications, the use of ServerManagedPolicy is highly 195 recommended. ServerManagedPolicy is the LVL default and is integrated with 196 the LVL sample application.</p> 197 198 199 <h3 id="custom-policies">Guidelines for custom policies</h3> 200 201 <p>In your licensing implementation, you can use one of the complete policies 202 provided in the LVL (ServerManagedPolicy or StrictPolicy) or you can create a 203 custom policy. For any type of custom policy, there are several important design 204 points to understand and account for in your implementation.</p> 205 206 <p>The licensing server applies general request limits to guard against overuse 207 of resources that could result in denial of service. When an application exceeds 208 the request limit, the licensing server returns a 503 response, which gets 209 passed through to your application as a general server error. This means that no 210 license response will be available to the user until the limit is reset, which 211 can affect the user for an indefinite period.</p> 212 213 <p>If you are designing a custom policy, we recommend that the {@code Policy}: 214 <ol> 215 <!-- <li>Limits the number of points at which your app calls for a license check 216 to the minimum. </li> --> 217 <li>Caches (and properly obfuscates) the most recent successful license response 218 in local persistent storage.</li> 219 <li>Returns the cached response for all license checks, for as long as the 220 cached response is valid, rather than making a request to the licensing server. 221 Setting the response validity according to the server-provided <code>VT</code> 222 extra is highly recommended. See <a 223 href="{@docRoot}google/play/licensing/licensing-reference.html#extras">Server Response Extras</a> 224 for more information.</li> 225 <li>Uses an exponential backoff period, if retrying any requests the result in 226 errors. Note that the Google Play client automatically retries failed 227 requests, so in most cases there is no need for your {@code Policy} to retry them.</li> 228 <li>Provides for a "grace period" that allows the user to access your 229 application for a limited time or number of uses, while a license check is being 230 retried. The grace period benefits the user by allowing access until the next 231 license check can be completed successfully and it benefits you by placing a 232 hard limit on access to your application when there is no valid license response 233 available.</li> 234 </ol> 235 236 <p>Designing your {@code Policy} according to the guidelines listed above is critical, 237 because it ensures the best possible experience for users while giving you 238 effective control over your application even in error conditions. </p> 239 240 <p>Note that any {@code Policy} can use settings provided by the licensing server to 241 help manage validity and caching, retry grace period, and more. Extracting the 242 server-provided settings is straightforward and making use of them is highly 243 recommended. See the ServerManagedPolicy implementation for an example of how to 244 extract and use the extras. For a list of server settings and information about 245 how to use them, see <a 246 href="{@docRoot}google/play/licensing/licensing-reference.html#extras">Server Response 247 Extras</a>.</p> 248 249 <h3 id="ServerManagedPolicy">ServerManagedPolicy</h3> 250 251 <div class="sidebox-wrapper"> 252 <div class="sidebox"> 253 <h2>Server Response Extras</h2> 254 255 <p>For certain types of licensing responses, the licensing server appends extra 256 settings to the responses, to help the application manage licensing effectively. 257 </p> 258 259 <p style="margin-top:.5em;">See <a 260 href="{@docRoot}google/play/licensing/licensing-reference.html#extras">Server Response Extras</a> 261 for 262 a list of settings and <code>ServerManagedPolicy.java</code> for information 263 about how a {@code Policy} can use the extras.</p> 264 265 </div> 266 </div> 267 268 <p>The LVL includes a full and recommended implementation of the {@code Policy} 269 interface called ServerManagedPolicy. The implementation is integrated with the 270 LVL classes and serves as the default {@code Policy} in the library. </p> 271 272 <p>ServerManagedPolicy provides all of the handling for license and retry 273 responses. It caches all of the response data locally in a 274 {@link android.content.SharedPreferences} file, obfuscating it with the 275 application's {@code Obfuscator} implementation. This ensures that the license response 276 data is secure and persists across device power cycles. ServerManagedPolicy 277 provides concrete implementations of the interface methods 278 <code>processServerResponse()</code> and <code>allowAccess()</code> and also 279 includes a set of supporting methods and types for managing license 280 responses.</p> 281 282 <p>Importantly, a key feature of ServerMangedPolicy is its use of 283 server-provided settings as the basis for managing licensing across an 284 application's refund period and through varying network and error conditions. 285 When an application contacts the Google Play server for a license check, the 286 server appends several settings as key-value pairs in the extras field of certain 287 license response types. For example, the server provides recommended values for the 288 application's license validity period, retry grace period, and maximum allowable 289 retry count, among others. ServerManagedPolicy extracts the values from the 290 license response in its <code>processServerResponse()</code> method and checks 291 them in its <code>allowAccess()</code> method. For a list of the server-provided 292 settings used by ServerManagedPolicy, see <a 293 href="{@docRoot}google/play/licensing/licensing-reference.html#extras">Server Response 294 Extras</a>.</p> 295 296 <p>For convenience, best performance, and the benefit of using license settings 297 from the Google Play server, <strong>using ServerManagedPolicy as your 298 licensing {@code Policy} is strongly recommended</strong>. </p> 299 300 <p>If you are concerned about the security of license response data that is 301 stored locally in {@link android.content.SharedPreferences}, you can use a stronger obfuscation 302 algorithm or design a stricter {@code Policy} that does not store license data. The LVL 303 includes an example of such a {@code Policy} — see <a 304 href="#StrictPolicy">StrictPolicy</a> for more information.</p> 305 306 <p>To use ServerManagedPolicy, simply import it to your Activity, create an 307 instance, and pass a reference to the instance when constructing your 308 {@code LicenseChecker}. See <a href="#lc-lcc">Instantiate LicenseChecker and 309 LicenseCheckerCallback</a> for more information. </p> 310 311 <h3 id="StrictPolicy">StrictPolicy</h3> 312 313 <p>The LVL includes an alternative full implementation of the {@code Policy} interface 314 called StrictPolicy. The StrictPolicy implementation provides a more restrictive 315 Policy than ServerManagedPolicy, in that it does not allow the user to access 316 the application unless a license response is received from the server at the 317 time of access that indicates that the user is licensed.</p> 318 319 <p>The principal feature of StrictPolicy is that it does not store <em>any</em> 320 license response data locally, in a persistent store. Because no data is stored, 321 retry requests are not tracked and cached responses can not be used to fulfill 322 license checks. The {@code Policy} allows access only if:</p> 323 324 <ul> 325 <li>The license response is received from the licensing server, and </li> 326 <li>The license response indicates that the user is licensed to access the 327 application. </li> 328 </ul> 329 330 <p>Using StrictPolicy is appropriate if your primary concern is to ensure that, 331 in all possible cases, no user will be allowed to access the application unless 332 the user is confirmed to be licensed at the time of use. Additionally, the 333 Policy offers slightly more security than ServerManagedPolicy — since 334 there is no data cached locally, there is no way a malicious user could tamper 335 with the cached data and obtain access to the application.</p> 336 337 <p>At the same time, this {@code Policy} presents a challenge for normal users, since it 338 means that they won't be able to access the application when there is no network 339 (cell or Wi-Fi) connection available. Another side-effect is that your 340 application will send more license check requests to the server, since using a 341 cached response is not possible.</p> 342 343 <p>Overall, this policy represents a tradeoff of some degree of user convenience 344 for absolute security and control over access. Consider the tradeoff carefully 345 before using this {@code Policy}.</p> 346 347 <p>To use StrictPolicy, simply import it to your Activity, create an instance, 348 and pass a reference to it when constructing your {@code LicenseChecker}. See 349 <a href="#lc-lcc">Instantiate LicenseChecker and LicenseCheckerCallback</a> 350 for more information. </p> 351 352 <h2 id="impl-Obfuscator">Implementing an Obfuscator</h2> 353 354 <div class="sidebox-wrapper"> 355 <div class="sidebox"> 356 <h2>AESObfuscator</h2> 357 358 <p>The LVL includes a full {@code Obfuscator} implementation in the 359 <code>AESObfuscator.java</code> file. The {@code Obfuscator} uses AES encryption to 360 obfuscate/unobfuscate data. If you are using a {@code Policy} (such as 361 ServerManagedPolicy) that caches license response data, using AESObfuscator as 362 basis for your {@code Obfuscator} implementation is highly recommended. </p> 363 364 </div> 365 </div> 366 367 <p>A typical {@code Policy} implementation needs to save the license response data for 368 an application to a persistent store, so that it is accessible across 369 application invocations and device power cycles. For example, a {@code Policy} would 370 maintain the timestamp of the last successful license check, the retry count, 371 the license validity period, and similar information in a persistent store, 372 rather than resetting the values each time the application is launched. The 373 default {@code Policy} included in the LVL, ServerManagedPolicy, stores license response 374 data in a {@link android.content.SharedPreferences} instance, to ensure that the 375 data is persistent. </p> 376 377 <p>Because the {@code Policy} will use stored license response data to determine whether 378 to allow or disallow access to the application, it <em>must</em> ensure that any 379 stored data is secure and cannot be reused or manipulated by a root user on a 380 device. Specifically, the {@code Policy} must always obfuscate the data before storing 381 it, using a key that is unique for the application and device. Obfuscating using 382 a key that is both application-specific and device-specific is critical, because 383 it prevents the obfuscated data from being shared among applications and 384 devices.</p> 385 386 <p>The LVL assists the application with storing its license response data in a 387 secure, persistent manner. First, it provides an {@code Obfuscator} 388 interface that lets your application supply the obfuscation algorithm of its 389 choice for stored data. Building on that, the LVL provides the helper class 390 PreferenceObfuscator, which handles most of the work of calling the 391 application's {@code Obfuscator} class and reading and writing the obfuscated data in a 392 {@link android.content.SharedPreferences} instance. </p> 393 394 <p>The LVL provides a full {@code Obfuscator} implementation called 395 AESObfuscator that uses AES encryption to obfuscate data. You can 396 use AESObfuscator in your application without modification or you 397 can adapt it to your needs. For more information, see the next section.</p> 398 399 400 <h3 id="AESObfuscator">AESObfuscator</h3> 401 402 <p>The LVL includes a full and recommended implementation of the {@code Obfuscator} 403 interface called AESObfuscator. The implementation is integrated with the 404 LVL sample application and serves as the default {@code Obfuscator} in the library. </p> 405 406 <p>AESObfuscator provides secure obfuscation of data by using AES to 407 encrypt and decrypt the data as it is written to or read from storage. 408 The {@code Obfuscator} seeds the encryption using three data fields provided 409 by the application: </p> 410 411 <ol> 412 <li>A salt — an array of random bytes to use for each (un)obfuscation. </li> 413 <li>An application identifier string, typically the package name of the application.</li> 414 <li>A device identifier string, derived from as many device-specific sources 415 as possible, so as to make it as unique.</li> 416 </ol> 417 418 <p>To use AESObfuscator, first import it to your Activity. Declare a private 419 static final array to hold the salt bytes and initialize it to 20 randomly 420 generated bytes.</p> 421 422 <pre> ... 423 // Generate 20 random bytes, and put them here. 424 private static final byte[] SALT = new byte[] { 425 -46, 65, 30, -128, -103, -57, 74, -64, 51, 88, -95, 426 -45, 77, -117, -36, -113, -11, 32, -64, 89 427 }; 428 ... 429 </pre> 430 431 <p>Next, declare a variable to hold a device identifier and generate a value for 432 it in any way needed. For example, the sample application included in the LVL 433 queries the system settings for the 434 <code>android.Settings.Secure.ANDROID_ID</code>, which is unique to each device. 435 </p> 436 437 <p>Note that, depending on the APIs you use, your application might need to 438 request additional permissions in order to acquire device-specific information. 439 For example, to query the {@link android.telephony.TelephonyManager} to obtain 440 the device IMEI or related data, the application will also need to request the 441 <code>android.permission.READ_PHONE_STATE</code> permission in its manifest.</p> 442 443 <p>Before requesting new permissions for the <em>sole purpose</em> of acquiring 444 device-specific information for use in your {@code Obfuscator}, consider 445 how doing so might affect your application or its filtering on Google Play 446 (since some permissions can cause the SDK build tools to add 447 the associated <code><uses-feature></code>).</p> 448 449 <p>Finally, construct an instance of AESObfuscator, passing the salt, 450 application identifier, and device identifier. You can construct the instance 451 directly, while constructing your {@code Policy} and {@code LicenseChecker}. For example:</p> 452 453 <pre> ... 454 // Construct the LicenseChecker with a Policy. 455 mChecker = new LicenseChecker( 456 this, new ServerManagedPolicy(this, 457 new AESObfuscator(SALT, getPackageName(), deviceId)), 458 BASE64_PUBLIC_KEY // Your public licensing key. 459 ); 460 ... 461 </pre> 462 463 <p>For a complete example, see MainActivity in the LVL sample application.</p> 464 465 466 <h2 id="impl-lc">Checking the License from an Activity</h2> 467 468 <p>Once you've implemented a {@code Policy} for managing access to your application, the 469 next step is to add a license check to your application, which initiates a query 470 to the licensing server if needed and manages access to the application based on 471 the license response. All of the work of adding the license check and handling 472 the response takes place in your main {@link android.app.Activity} source file. 473 </p> 474 475 <p>To add the license check and handle the response, you must:</p> 476 477 <ol> 478 <li><a href="#imports">Add imports</a></li> 479 <li><a href="#lc-impl">Implement LicenseCheckerCallback</a> as a private inner class</li> 480 <li><a href="#thread-handler">Create a Handler</a> for posting from LicenseCheckerCallback to the UI thread</li> 481 <li><a href="#lc-lcc">Instantiate LicenseChecker</a> and LicenseCheckerCallback</li> 482 <li><a href="#check-access">Call checkAccess()</a> to initiate the license check</li> 483 <li><a href="#account-key">Embed your public key</a> for licensing</li> 484 <li><a href="#handler-cleanup">Call your LicenseChecker's onDestroy() method</a> to close IPC connections.</li> 485 </ol> 486 487 <p>The sections below describe these tasks. </p> 488 489 <h3 id="lc-overview">Overview of license check and response</h3> 490 491 <div class="sidebox-wrapper"> 492 <div class="sidebox"> 493 <h2>Example: MainActivity</h2> 494 495 <p>The sample application included with the LVL provides a full example of how 496 to initiate a license check and handle the result, in the 497 <code>MainActivity.java</code> file.</p> 498 499 </div> 500 </div> 501 502 <p>In most cases, you should add the license check to your application's main 503 {@link android.app.Activity}, in the {@link android.app.Activity#onCreate onCreate()} method. This 504 ensures that when the user launches your application directly, the license check 505 will be invoked immediately. In some cases, you can add license checks in other 506 locations as well. For example, if your application includes multiple Activity 507 components that other applications can start by {@link android.content.Intent}, 508 you could add license checks in those Activities.</p> 509 510 <p>A license check consists of two main actions: </p> 511 512 <ul> 513 <li>A call to a method to initiate the license check — in the LVL, this is 514 a call to the <code>checkAccess()</code> method of a {@code LicenseChecker} object that 515 you construct.</li> 516 <li>A callback that returns the result of the license check. In the LVL, this is 517 a <code>LicenseCheckerCallback</code> interface that you implement. The 518 interface declares two methods, <code>allow()</code> and 519 <code>dontAllow()</code>, which are invoked by the library based on to the 520 result of the license check. You implement these two methods with whatever logic 521 you need, to allow or disallow the user access to your application. Note that 522 these methods do not determine <em>whether</em> to allow access — that 523 determination is the responsibility of your {@code Policy} implementation. Rather, these 524 methods simply provide the application behaviors for <em>how</em> to allow and 525 disallow access (and handle application errors). 526 <p>The <code>allow()</code> and <code>dontAllow()</code> methods do provide a "reason" 527 for their response, which can be one of the {@code Policy} values, {@code LICENSED}, 528 {@code NOT_LICENSED}, or {@code RETRY}. In particular, you should handle the case in which 529 the method receives the {@code RETRY} response for {@code dontAllow()} and provide the user with an 530 "Retry" button, which might have happened because the service was unavailable during the 531 request.</p></li> 532 </ul> 533 534 <div style="margin-bottom:2em;"> 535 536 <img src="{@docRoot}images/licensing_flow.png" style="text-align:left;margin-bottom:0;margin-left:3em;" /> 537 <div style="margin:.5em 0 1.5em 2em;padding:0"><strong>Figure 6.</strong> Overview of a 538 typical license check interaction.</div> 539 </div> 540 541 <p>The diagram above illustrates how a typical license check takes place: </p> 542 543 <ol> 544 <li>Code in the application's main Activity instantiates {@code LicenseCheckerCallback} 545 and {@code LicenseChecker} objects. When constructing {@code LicenseChecker}, the code passes in 546 {@link android.content.Context}, a {@code Policy} implementation to use, and the 547 publisher account's public key for licensing as parameters. </li> 548 <li>The code then calls the <code>checkAccess()</code> method on the 549 {@code LicenseChecker} object. The method implementation calls the {@code Policy} to determine 550 whether there is a valid license response cached locally, in 551 {@link android.content.SharedPreferences}. 552 <ul> 553 <li>If so, the <code>checkAccess()</code> implementation calls 554 <code>allow()</code>.</li> 555 <li>Otherwise, the {@code LicenseChecker} initiates a license check request that is sent 556 to the licensing server.</li> 557 </ul> 558 559 <p class="note"><strong>Note:</strong> The licensing server always returns 560 <code>LICENSED</code> when you perform a license check of a draft application.</p> 561 </li> 562 <li>When a response is received, {@code LicenseChecker} creates a LicenseValidator that 563 verifies the signed license data and extracts the fields of the response, then 564 passes them to your {@code Policy} for further evaluation. 565 <ul> 566 <li>If the license is valid, the {@code Policy} caches the response in 567 {@link android.content.SharedPreferences} and notifies the validator, which then calls the 568 <code>allow()</code> method on the {@code LicenseCheckerCallback} object. </li> 569 <li>If the license not valid, the {@code Policy} notifies the validator, which calls 570 the <code>dontAllow()</code> method on {@code LicenseCheckerCallback}. </li> 571 </ul> 572 </li> 573 <li>In case of a recoverable local or server error, such as when the network is 574 not available to send the request, {@code LicenseChecker} passes a {@code RETRY} response to 575 your {@code Policy} object's <code>processServerResponse()</code> method. 576 <p>Also, both the {@code allow()} and {@code dontAllow()} callback methods receive a 577 <code>reason</code> argument. The {@code allow()} method's reason is usually {@code 578 Policy.LICENSED} or {@code Policy.RETRY} and the {@code dontAllow()} reason is usually {@code 579 Policy.NOT_LICENSED} or {@code Policy.RETRY}. These response values are useful so you can show 580 an appropriate response for the user, such as by providing a "Retry" button when {@code 581 dontAllow()} responds with {@code Policy.RETRY}, which might have been because the service was 582 unavailable.</p></li> 583 <li>In case of a application error, such as when the application attempts to 584 check the license of an invalid package name, {@code LicenseChecker} passes an error 585 response to the LicenseCheckerCallback's <code>applicationError()</code> 586 method. </li> 587 </ol> 588 589 <p>Note that, in addition to initiating the license check and handling the 590 result, which are described in the sections below, your application also needs 591 to provide a <a href="#impl-Policy">Policy implementation</a> and, if the {@code Policy} 592 stores response data (such as ServerManagedPolicy), an <a 593 href="#impl-Obfuscator">Obfuscator</a> implementation. </p> 594 595 596 <h3 id="imports">Add imports</h3> 597 598 <p>First, open the class file of the application's main Activity and import 599 {@code LicenseChecker} and {@code LicenseCheckerCallback} from the LVL package.</p> 600 601 <pre> import com.google.android.vending.licensing.LicenseChecker; 602 import com.google.android.vending.licensing.LicenseCheckerCallback;</pre> 603 604 <p>If you are using the default {@code Policy} implementation provided with the LVL, 605 ServerManagedPolicy, import it also, together with the AESObfuscator. If you are 606 using a custom {@code Policy} or {@code Obfuscator}, import those instead. </p> 607 608 <pre> import com.google.android.vending.licensing.ServerManagedPolicy; 609 import com.google.android.vending.licensing.AESObfuscator;</pre> 610 611 <h3 id="lc-impl">Implement LicenseCheckerCallback as a private inner class</h3> 612 613 <p>{@code LicenseCheckerCallback} is an interface provided by the LVL for handling 614 result of a license check. To support licensing using the LVL, you must 615 implement {@code LicenseCheckerCallback} and 616 its methods to allow or disallow access to the application.</p> 617 618 <p>The result of a license check is always a call to one of the 619 {@code LicenseCheckerCallback} methods, made based on the validation of the response 620 payload, the server response code itself, and any additional processing provided 621 by your {@code Policy}. Your application can implement the methods in any way needed. In 622 general, it's best to keep the methods simple, limiting them to managing UI 623 state and application access. If you want to add further processing of license 624 responses, such as by contacting a backend server or applying custom constraints, 625 you should consider incorporating that code into your {@code Policy}, rather than 626 putting it in the {@code LicenseCheckerCallback} methods. </p> 627 628 <p>In most cases, you should declare your implementation of 629 {@code LicenseCheckerCallback} as a private class inside your application's main 630 Activity class. </p> 631 632 <p>Implement the <code>allow()</code> and <code>dontAllow()</code> methods as 633 needed. To start with, you can use simple result-handling behaviors in the 634 methods, such as displaying the license result in a dialog. This helps you get 635 your application running sooner and can assist with debugging. Later, after you 636 have determined the exact behaviors you want, you can add more complex handling. 637 </p> 638 639 <p>Some suggestions for handling unlicensed responses in 640 <code>dontAllow()</code> include: </p> 641 642 <ul> 643 <li>Display a "Try again" dialog to the user, including a button to initiate a 644 new license check if the <code>reason</code> supplied is {@code Policy.RETRY}. </li> 645 <li>Display a "Purchase this application" dialog, including a button that 646 deep-links the user to the application's details page on Google Play, from which the 647 use can purchase the application. For more information on how to set up such 648 links, see <a 649 href="{@docRoot}distribute/googleplay/promote/linking.html">Linking to Your Products</a>. </li> 650 <li>Display a Toast notification that indicates that the features of the 651 application are limited because it is not licensed. </li> 652 </ul> 653 654 <p>The example below shows how the LVL sample application implements 655 {@code LicenseCheckerCallback}, with methods that display the license check result in a 656 dialog. </p> 657 658 <pre> 659 private class MyLicenseCheckerCallback implements LicenseCheckerCallback { 660 public void allow(int reason) { 661 if (isFinishing()) { 662 // Don't update UI if Activity is finishing. 663 return; 664 } 665 // Should allow user access. 666 displayResult(getString(R.string.allow)); 667 } 668 669 public void dontAllow(int reason) { 670 if (isFinishing()) { 671 // Don't update UI if Activity is finishing. 672 return; 673 } 674 displayResult(getString(R.string.dont_allow)); 675 676 if (reason == Policy.RETRY) { 677 // If the reason received from the policy is RETRY, it was probably 678 // due to a loss of connection with the service, so we should give the 679 // user a chance to retry. So show a dialog to retry. 680 showDialog(DIALOG_RETRY); 681 } else { 682 // Otherwise, the user is not licensed to use this app. 683 // Your response should always inform the user that the application 684 // is not licensed, but your behavior at that point can vary. You might 685 // provide the user a limited access version of your app or you can 686 // take them to Google Play to purchase the app. 687 showDialog(DIALOG_GOTOMARKET); 688 } 689 } 690 } 691 </pre> 692 693 <p>Additionally, you should implement the <code>applicationError()</code> 694 method, which the LVL calls to let your application handle errors that are not 695 retryable. For a list of such errors, see <a 696 href="{@docRoot}google/play/licensing/licensing-reference.html#server-response-codes">Server 697 Response Codes</a> in the <a 698 href="{@docRoot}google/play/licensing/licensing-reference.html">Licensing Reference</a>. You can implement 699 the method in any way needed. In most cases, the 700 method should log the error code and call <code>dontAllow()</code>.</p> 701 702 <h3 id="thread-handler">Create a Handler for posting from LicenseCheckerCallback 703 to the UI thread</h3> 704 705 <p>During a license check, the LVL passes the request to the Google Play 706 application, which handles communication with the licensing server. The LVL 707 passes the request over asynchronous IPC (using {@link android.os.Binder}) so 708 the actual processing and network communication do not take place on a thread 709 managed by your application. Similarly, when the Google Play application 710 receives the result, it invokes a callback method over IPC, which in turn 711 executes in an IPC thread pool in your application's process.</p> 712 713 <p>The {@code LicenseChecker} class manages your application's IPC communication with 714 the Google Play application, including the call that sends the request and 715 the callback that receives the response. {@code LicenseChecker} also tracks open license 716 requests and manages their timeouts. </p> 717 718 <p>So that it can handle timeouts properly and also process incoming responses 719 without affecting your application's UI thread, {@code LicenseChecker} spawns a 720 background thread at instantiation. In the thread it does all processing of 721 license check results, whether the result is a response received from the server 722 or a timeout error. At the conclusion of processing, the LVL calls your 723 {@code LicenseCheckerCallback} methods from the background thread. </p> 724 725 <p>To your application, this means that:</p> 726 727 <ol> 728 <li>Your {@code LicenseCheckerCallback} methods will be invoked, in many cases, from a 729 background thread.</li> 730 <li>Those methods won't be able to update state or invoke any processing in the 731 UI thread, unless you create a Handler in the UI thread and have your callback 732 methods post to the Handler.</li> 733 </ol> 734 735 <p>If you want your {@code LicenseCheckerCallback} methods to update the UI thread, 736 instantiate a {@link android.os.Handler} in the main Activity's 737 {@link android.app.Activity#onCreate(android.os.Bundle) onCreate()} method, 738 as shown below. In this example, the LVL sample application's 739 {@code LicenseCheckerCallback} methods (see above) call <code>displayResult()</code> to 740 update the UI thread through the Handler's 741 {@link android.os.Handler#post(java.lang.Runnable) post()} method.</p> 742 743 <pre>private Handler mHandler; 744 745 @Override 746 public void onCreate(Bundle savedInstanceState) { 747 ... 748 mHandler = new Handler(); 749 } 750 </pre> 751 752 <p>Then, in your {@code LicenseCheckerCallback} methods, you can use Handler methods to 753 post Runnable or Message objects to the Handler. Here's how the sample 754 application included in the LVL posts a Runnable to a Handler in the UI thread 755 to display the license status.</p> 756 757 <pre> private void displayResult(final String result) { 758 mHandler.post(new Runnable() { 759 public void run() { 760 mStatusText.setText(result); 761 setProgressBarIndeterminateVisibility(false); 762 mCheckLicenseButton.setEnabled(true); 763 } 764 }); 765 } 766 </pre> 767 768 <h3 id="lc-lcc">Instantiate LicenseChecker and LicenseCheckerCallback</h3> 769 770 <p>In the main Activity's 771 {@link android.app.Activity#onCreate(android.os.Bundle) onCreate()} method, 772 create private instances of LicenseCheckerCallback and {@code LicenseChecker}. You must 773 instantiate {@code LicenseCheckerCallback} first, because you need to pass a reference 774 to that instance when you call the constructor for {@code LicenseChecker}. </p> 775 776 <p>When you instantiate {@code LicenseChecker}, you need to pass in these parameters:</p> 777 778 <ul> 779 <li>The application {@link android.content.Context}</li> 780 <li>A reference to the {@code Policy} implementation to use for the license check. In 781 most cases, you would use the default {@code Policy} implementation provided by the LVL, 782 ServerManagedPolicy. </li> 783 <li>The String variable holding your publisher account's public key for 784 licensing. </li> 785 </ul> 786 787 <p>If you are using ServerManagedPolicy, you won't need to access the class 788 directly, so you can instantiate it in the {@code LicenseChecker} constructor, 789 as shown in the example below. Note that you need to pass a reference to a new 790 Obfuscator instance when you construct ServerManagedPolicy.</p> 791 792 <p>The example below shows the instantiation of {@code LicenseChecker} and 793 {@code LicenseCheckerCallback} from the <code>onCreate()</code> method of an Activity 794 class. </p> 795 796 <pre>public class MainActivity extends Activity { 797 ... 798 private LicenseCheckerCallback mLicenseCheckerCallback; 799 private LicenseChecker mChecker; 800 801 @Override 802 public void onCreate(Bundle savedInstanceState) { 803 super.onCreate(savedInstanceState); 804 ... 805 // Construct the LicenseCheckerCallback. The library calls this when done. 806 mLicenseCheckerCallback = new MyLicenseCheckerCallback(); 807 808 // Construct the LicenseChecker with a Policy. 809 mChecker = new LicenseChecker( 810 this, new ServerManagedPolicy(this, 811 new AESObfuscator(SALT, getPackageName(), deviceId)), 812 BASE64_PUBLIC_KEY // Your public licensing key. 813 ); 814 ... 815 } 816 } 817 </pre> 818 819 820 <p>Note that {@code LicenseChecker} calls the {@code LicenseCheckerCallback} methods from the UI 821 thread <em>only</em> if there is valid license response cached locally. If the 822 license check is sent to the server, the callbacks always originate from the 823 background thread, even for network errors. </p> 824 825 826 <h3 id="check-access">Call checkAccess() to initiate the license check</h3> 827 828 <p>In your main Activity, add a call to the <code>checkAccess()</code> method of the 829 {@code LicenseChecker} instance. In the call, pass a reference to your 830 {@code LicenseCheckerCallback} instance as a parameter. If you need to handle any 831 special UI effects or state management before the call, you might find it useful 832 to call <code>checkAccess()</code> from a wrapper method. For example, the LVL 833 sample application calls <code>checkAccess()</code> from a 834 <code>doCheck()</code> wrapper method:</p> 835 836 <pre> @Override 837 public void onCreate(Bundle savedInstanceState) { 838 super.onCreate(savedInstanceState); 839 ... 840 // Call a wrapper method that initiates the license check 841 doCheck(); 842 ... 843 } 844 ... 845 private void doCheck() { 846 mCheckLicenseButton.setEnabled(false); 847 setProgressBarIndeterminateVisibility(true); 848 mStatusText.setText(R.string.checking_license); 849 mChecker.checkAccess(mLicenseCheckerCallback); 850 } 851 </pre> 852 853 854 <h3 id="account-key">Embed your public key for licensing</h3> 855 856 <p>For each application, the Google Play service automatically 857 generates a 2048-bit RSA public/private key pair that is used for 858 licensing and in-app billing. The key pair is uniquely associated with the 859 application. Although associated with the application, the key pair is 860 <em>not</em> the same as the key that you use to sign your applications (or derived from it).</p> 861 862 <p>The Google Play Developer Console exposes the public key for licensing to any 863 developer signed in to the Developer Console, but it keeps the private key 864 hidden from all users in a secure location. When an application requests a 865 license check for an application published in your account, the licensing server 866 signs the license response using the private key of your application's key pair. 867 When the LVL receives the response, it uses the public key provided by the 868 application to verify the signature of the license response. </p> 869 870 <p>To add licensing to an application, you must obtain your application's 871 public key for licensing and copy it into your application. Here's how to find 872 your application's public key for licensing:</p> 873 874 <ol> 875 <li>Go to the Google Play <a 876 href="http://play.google.com/apps/publish">Developer Console</a> and sign in. 877 Make sure that you sign in to the account from which the application you are 878 licensing is published (or will be published). </li> 879 <li>In the application details page, locate the <strong>Services & APIs</strong> 880 link and click it. </li> 881 <li>In the <strong>Services & APIs</strong> page, locate the 882 <strong>Licensing & In-App Billing</strong> section. Your public key for 883 licensing is given in the 884 <strong>Your License Key For This Application</strong> field. </li> 885 </ol> 886 887 <p>To add the public key to your application, simply copy/paste the key string 888 from the field into your application as the value of the String variable 889 <code>BASE64_PUBLIC_KEY</code>. When you are copying, make sure that you have 890 selected the entire key string, without omitting any characters. </p> 891 892 <p>Here's an example from the LVL sample application:</p> 893 894 <pre> public class MainActivity extends Activity { 895 private static final String BASE64_PUBLIC_KEY = "MIIBIjANBgkqhkiG ... "; //truncated for this example 896 ... 897 } 898 </pre> 899 900 <h3 id="handler-cleanup">Call your LicenseChecker's onDestroy() method 901 to close IPC connections</h3> 902 903 <p>Finally, to let the LVL clean up before your application 904 {@link android.content.Context} changes, add a call to the {@code LicenseChecker}'s 905 <code>onDestroy()</code> method from your Activity's 906 {@link android.app.Activity#onDestroy()} implementation. The call causes the 907 {@code LicenseChecker} to properly close any open IPC connection to the Google Play 908 application's ILicensingService and removes any local references to the service 909 and handler.</p> 910 911 <p>Failing to call the {@code LicenseChecker}'s <code>onDestroy()</code> method 912 can lead to problems over the lifecycle of your application. For example, if the 913 user changes screen orientation while a license check is active, the application 914 {@link android.content.Context} is destroyed. If your application does not 915 properly close the {@code LicenseChecker}'s IPC connection, your application will crash 916 when the response is received. Similarly, if the user exits your application 917 while a license check is in progress, your application will crash when the 918 response is received, unless it has properly called the 919 {@code LicenseChecker}'s <code>onDestroy()</code> method to disconnect from the service. 920 </p> 921 922 <p>Here's an example from the sample application included in the LVL, where 923 <code>mChecker</code> is the {@code LicenseChecker} instance:</p> 924 925 <pre> @Override 926 protected void onDestroy() { 927 super.onDestroy(); 928 mChecker.onDestroy(); 929 ... 930 } 931 </pre> 932 933 <p>If you are extending or modifying {@code LicenseChecker}, you might also need to call 934 the {@code LicenseChecker}'s <code>finishCheck()</code> method, to clean up any open IPC 935 connections.</p> 936 937 <h2 id="impl-DeviceLimiter">Implementing a DeviceLimiter</h2> 938 939 <p>In some cases, you might want your {@code Policy} to limit the number of actual 940 devices that are permitted to use a single license. This would prevent a user 941 from moving a licensed application onto a number of devices and using the 942 application on those devices under the same account ID. It would also prevent a 943 user from "sharing" the application by providing the account information 944 associated with the license to other individuals, who could then sign in to that 945 account on their devices and access the license to the application. </p> 946 947 <p>The LVL supports per-device licensing by providing a 948 <code>DeviceLimiter</code> interface, which declares a single method, 949 <code>allowDeviceAccess()</code>. When a LicenseValidator is handling a response 950 from the licensing server, it calls <code>allowDeviceAccess()</code>, passing a 951 user ID string extracted from the response.</p> 952 953 <p>If you do not want to support device limitation, <strong>no work is 954 required</strong> — the {@code LicenseChecker} class automatically uses a default 955 implementation called NullDeviceLimiter. As the name suggests, NullDeviceLimiter 956 is a "no-op" class whose <code>allowDeviceAccess()</code> method simply returns 957 a <code>LICENSED</code> response for all users and devices. </p> 958 959 <div style="border-left:4px solid #FFCF00;margin:1em;padding: 0 0 0 .5em"> 960 <p><strong>Caution:</strong> Per-device licensing is <em>not recommended for 961 most applications</em> because:</p> 962 <ul> 963 <li>It requires that you provide a backend server to manage a users and devices 964 mapping, and </li> 965 <li>It could inadvertently result in a user being denied access to an 966 application that they have legitimately purchased on another device.</li> 967 </ul> 968 </div> 969 970 <h2 id="app-obfuscation">Obfuscating Your Code</h2> 971 972 <p>To ensure the security of your application, particularly for a paid 973 application that uses licensing and/or custom constraints and protections, it's 974 very important to obfuscate your application code. Properly obfuscating your 975 code makes it more difficult for a malicious user to decompile the application's 976 bytecode, modify it — such as by removing the license check — 977 and then recompile it.</p> 978 979 <p>Several obfuscator programs are available for Android applications, including 980 <a href="http://proguard.sourceforge.net/">ProGuard</a>, which also offers 981 code-optimization features. The use of ProGuard or a similar program to obfuscate 982 your code is <em>strongly recommended</em> for all applications that use Google 983 Play Licensing. </p> 984 985 <h2 id="app-publishing">Publishing a Licensed Application</h2> 986 987 <p>When you are finished testing your license implementation, you are ready to 988 publish the application on Google Play. Follow the normal steps to <a 989 href="{@docRoot}tools/publishing/preparing.html">prepare</a>, <a 990 href="{@docRoot}tools/publishing/app-signing.html">sign</a>, and then <a 991 href="{@docRoot}distribute/googleplay/publish/preparing.html">publish the application</a>. 992 </p> 993 994 995 <h2 id="support">Where to Get Support</h2> 996 997 <p>If you have questions or encounter problems while implementing or deploying 998 publishing in your applications, please use the support resources listed in the 999 table below. By directing your queries to the correct forum, you can get the 1000 support you need more quickly. </p> 1001 1002 <p class="table-caption"><strong>Table 2.</strong> Developer support resources 1003 for Google Play Licensing Service.</p> 1004 1005 <table> 1006 1007 <tr> 1008 <th>Support Type</th> 1009 <th>Resource</th> 1010 <th>Range of Topics</th> 1011 </tr> 1012 <tr> 1013 <td rowspan="2">Development and testing issues</td> 1014 <td>Google Groups: <a 1015 href="http://groups.google.com/group/android-developers">android-developers</a> 1016 </td> 1017 <td rowspan="2">LVL download and integration, library projects, {@code Policy} 1018 questions, user experience ideas, handling of responses, {@code Obfuscator}, IPC, test 1019 environment setup</td> 1020 </tr> 1021 <tr> 1022 <td>Stack Overflow: <a 1023 href="http://stackoverflow.com/questions/tagged/android">http://stackoverflow.com/questions/tagged/android</a></td> 1024 </tr> 1025 <tr> 1026 <td rowspan="2">Accounts, publishing, and deployment issues</td> 1027 <td><a href="http://www.google.com/support/forum/p/Android+Market">Google Play 1028 Help Forum</a></td> 1029 <td rowspan="2">Publisher accounts, licensing key pair, test accounts, server 1030 responses, test responses, application deployment and results</td> 1031 </tr> 1032 <tr> 1033 <td><a 1034 href="http://market.android.com/support/bin/answer.py?answer=186113">Market 1035 Licensing Support FAQ</a></td> 1036 </tr> 1037 <tr> 1038 <td>LVL issue tracker</td> 1039 <td><a href="http://code.google.com/p/marketlicensing/issues/">Marketlicensing 1040 project issue tracker</a></td> 1041 <td>Bug and issue reports related specifically to the LVL source code classes 1042 and interface implementations</td> 1043 </tr> 1044 1045 </table> 1046 1047 <p>For general information about how to post to the groups listed above, see <a 1048 href="{@docRoot}resources/community-groups.html">Developer Forums</a> document 1049 in the Resources tab.</p> 1050 1051 1052
