Home | History | Annotate | Download | only in licensing 
      1 page.title=Licensing Overview
      2 parent.title=Application Licensing
      3 parent.link=index.html
      4 @jd:body
      5 
      6 
      7 <div id="qv-wrapper">
      8 <div id="qv">
      9   
     10   <h2>Quickview</h2>
     11   <ul>
     12     <li>Licensing allows you to verify your app was purchased from Google Play</li>
     13     <li>Your app maintains control of how it enforces its licensing status</li>
     14     <li>The service is free for all developers who publish on Google Play</li>
     15   </ul>
     16   
     17   <h2>In this document</h2>
     18   <ol>
     19   <li><a href="#Secure">License Responses are Secure</a></li>
     20   <li><a href="#LVL">Licensing Verification Library</a></li>
     21   <li><a href="#Reqs">Requirements and Limitations</a></li>
     22   <li><a href="#CopyProtection">Replacement for Copy Protection</a></li>
     23 </ol>
     24   
     25 </div>
     26 </div>
     27 
     28 
     29 <p>Google Play Licensing is a network-based service that lets an application query a trusted
     30 Google Play licensing server to determine whether the application is licensed to the current
     31 device user. The licensing service is based on the capability of the Google Play licensing server
     32 to determine whether a given user is licensed to use a given application. Google Play considers a
     33 user to be licensed if the user is a recorded purchaser of the application.</p>
     34 
     35 <p>The request starts when your application makes a request to a service hosted by
     36 the Google Play client application. The Google Play application then sends a request to
     37 the licensing server and receives the result. The Google Play application sends
     38 the result to your application, which can allow or disallow further use of the
     39 application as needed.</p>
     40 
     41 <p class="note"><strong>Note:</strong> If a version of an app is in the alpha or
     42 beta channel, all users who are authorized to download and install that app are
     43 considered to be licensed users of the app. For more information, see <a
     44 href="{@docRoot}distribute/googleplay/developer-console.html#alpha-beta">Alpha
     45 and Beta Testing</a>.</p>
     46 
     47 <div class="figure" style="width:469px">
     48 <img src="{@docRoot}images/licensing_arch.png" alt=""/>
     49 <p class="img-caption"><strong>Figure 1.</strong> Your application initiates a
     50 license check through the License Verification Library and the Google Play
     51 client, which handles communication with the Google Play server.</p>
     52 </div>
     53 
     54 <p class="note"><strong>Note:</strong> Previously you could test an app by
     55 uploading an unpublished "draft" version. This functionality is no longer
     56 supported; instead, you must publish it to the alpha or beta distribution
     57 channel. For more information, see <a
     58 href="{@docRoot}google/play/billing/billing_testing.html#draft_apps">Draft Apps
     59 are No Longer Supported</a>.
     60 
     61 <p>To properly identify the user and determine the license status, the licensing server requires
     62 information about the application and user&mdash;your application and the Google Play client work
     63 together to assemble the information and the Google Play client passes it to the server. </p>
     64 
     65 <p>To help you add licensing to your application, the Android SDK provides a downloadable set of
     66 library sources that you can include in your application project: the Google Market
     67 Licensing package. The License Verification Library (LVL) is a library you can add to your
     68 application that
     69 handles all of the licensing-related communication with the Google Play licensing service. With
     70 the LVL added to your application, your application can determine its licensing status for the
     71 current user by simply calling a method and implementing a callback that receives the status
     72 response.</p>
     73 
     74 <p>Your application does not query the licensing server
     75 directly, but instead calls the Google Play client over remote IPC to
     76 initiate a license request. In the license request:</p>
     77 
     78 <ul>
     79 <li>Your application provides: its package name, a nonce that is later used to
     80 validate any response from the server, and a callback over which the
     81 response can be returned asynchronously.</li>
     82 <li>The Google Play client collects the necessary information about the user and the device,
     83 such as the device's primary Google account username, IMSI, and other
     84 information. It then sends the license check request to the server on behalf of
     85 your application.</li>
     86 <li>The Google Play server evaluates the request using all available information, attempting
     87 to establish the user's identity to a sufficient level of confidence. The server
     88 then checks the user identity against purchase records for your application and
     89 returns a license response, which the Google Play client returns to your
     90 application over the IPC callback.</li>
     91 </ul>
     92 
     93 <p>You can choose when, and how often, you want your application to check its
     94 license and you have full control over how it handles the response, verifies the
     95 signed response data, and enforces access controls.</p>
     96 
     97 <p>Notice that during a license check, your application does not manage any
     98 network connections or use any licensing related APIs in the Android platform.</p>
     99 
    100 
    101 
    102 
    103 <h2 id="Secure">License Responses are Secure</h2>
    104 
    105 <p>To ensure the integrity of each license query, the server signs the license
    106 response data using an RSA key pair that is shared exclusively between the Google Play
    107 server and you.</p>
    108 
    109 <p>The licensing service generates a single licensing key pair for each
    110 application and exposes the public key in your application's 
    111 <strong>Services & APIs</strong> page in the Developer Console. You must copy 
    112 the public key from the Developer Console and embed it in your application 
    113 source code. The server retains the private key internally and uses it to sign 
    114 license responses for the applications you publish with that account.</p>
    115 
    116 <p>When your application receives a signed response, it uses the embedded public
    117 key to verify the data. The use of public key cryptography in the licensing
    118 service makes it possible for the application to detect responses that have been
    119 tampered with or that are spoofed.</p>
    120 
    121 
    122 
    123 
    124 <h2 id="LVL">Licensing Verification Library</h2>
    125 
    126 <p>The Android SDK provides a downloadable package called the Google Market Licensing package,
    127 which includes the License Verification Library (LVL). The LVL greatly simplifies the process of
    128 adding licensing to your application and helps ensure a more secure, robust implementation for your
    129 application. The LVL provides internal classes that handle most of the standard operations of a
    130 license query, such as contacting the Google Play client to initiate a license request and
    131 verifying and validating the responses. It also exposes interfaces that let you easily plug in your
    132 custom code for defining licensing policy and managing access as needed by your application. The key
    133 LVL interfaces are: </p>
    134 
    135 <dl>
    136 <dt>{@code Policy}</dt>
    137   <dd>Your implementation determines whether to allow access to the
    138 application, based on the license response received from the server and any
    139 other data available (such as from a backend server associated with your
    140 application). The implementation can evaluate the various fields of the license
    141 response and apply other constraints, if needed. The implementation also lets
    142 you manage the handling of license checks that result in errors, such as network
    143 errors.</dd>
    144 
    145 <dt>{@code LicenseCheckerCallback}</dt>
    146   <dd>Your implementation manages access to the
    147 application, based on the result of the {@code Policy} object's handling of the license
    148 response. Your implementation can manage access in any way needed, including
    149 displaying the license result in the UI or directing the user to purchase the
    150 application (if not currently licensed).</dd>
    151 </dl>
    152 
    153 
    154 <p>To help you get started with a {@code Policy}, the LVL provides two fully complete
    155 {@code Policy} implementations that you can use without modification or adapt to your
    156 needs:</p>
    157 
    158 <dl>
    159 <dt><a href="adding-licensing.html#ServerManagedPolicy">{@code ServerManagedPolicy}</a></dt>
    160   <dd>A flexible {@code Policy}
    161 that uses settings provided by the licensing server to manage response caching
    162 and access to the application while the device is offline (such as when the
    163 user is on an airplane). For most applications, the use of
    164 {@code ServerManagedPolicy} is highly recommended.</dd>
    165 
    166 <dt><a href="adding-licensing.html#StrictPolicy">{@code StrictPolicy}</a></dt>
    167   <dd>A restrictive {@code Policy} that
    168 does not cache any response data and allows the application access <em>only</em>
    169 when the server returns a licensed response.</dd>
    170 </dl>
    171 
    172 <p>The LVL is available as a downloadable package of the Android SDK. The
    173 package includes both the LVL itself and an example application that shows how
    174 the library should be integrated with your application and how your application
    175 should manage response data, UI interaction, and error conditions. </p>
    176 
    177 <p>The LVL sources are provided as an Android <em>library project</em>, which
    178 means that you can maintain a single set of library sources and share them
    179 across multiple applications. A full test environment is also available through
    180 the SDK, so you can develop and test the licensing implementation in your
    181 applications before publishing them, even if you don't have access to a
    182 physical device.</p>
    183 
    184 
    185 
    186 
    187 <h2 id="Reqs">Requirements and Limitations</h2>
    188 
    189 <p>Google Play Licensing is designed to let you apply license controls to
    190 applications that you publish through Google Play. The service is not
    191 designed to let you control access to applications that are not published
    192 through Google Play or that are run on devices that do not offer the Google
    193 Play client. </p>
    194 
    195 <p>Here are some points to keep in mind as you implement licensing in your
    196 application: </p>
    197 
    198 <ul>
    199 <li>An application can use the service only if the Google Play client is
    200 installed on its host device and the device is running Android 1.5 (API level 3)
    201 or higher.</li>
    202 <li>To complete a license check, the licensing server must be accessible over
    203 the network. You can implement license caching behaviors to manage access to your application when
    204 there is no network connectivity. </li>
    205 <li>The security of your application's licensing controls ultimately relies on
    206 the design of your implementation itself. The service provides the building
    207 blocks that let you securely check licensing, but the actual enforcement and
    208 handling of the license are factors are up to you. By following the best
    209 practices in the following documents, you can help ensure that your implementation will be
    210 secure.</li>
    211 <li>Adding licensing to an application does not affect the way the application
    212 functions when run on a device that does not offer Google Play.</li>
    213 <li>You can implement licensing controls for a free app, but only if you're using the service to 
    214 provide <a
    215 href="{@docRoot}google/play/expansion-files.html">APK expansion files</a>.</li>
    216 </ul>
    217 
    218 
    219 
    220 <h2 id="CopyProtection">Replacement for Copy Protection</h2>
    221 
    222 <p>Google Play Licensing is a flexible, secure mechanism for controlling
    223 access to your applications. It effectively replaces the Copy Protection
    224 mechanism (no longer supported) that was previously offered on Google Play and
    225 gives you wider distribution potential for your applications. </p>
    226 
    227 <p>Licensing lets you move to a license-based model that is enforceable on
    228 all devices that have access to Google Play. Access is not bound to the
    229 characteristics of the host device, but to your
    230 application on Google Play (through the app's public key) and the
    231 licensing policy that you define. Your application can be installed and
    232 managed on any device on any storage, including SD card.</p>
    233 
    234 <p>Although no license mechanism can completely prevent all unauthorized use,
    235 the licensing service lets you control access for most types of normal usage,
    236 across all compatible devices, locked or unlocked, that run Android 1.5 or
    237 higher version of the platform.</p>
    238 
    239 <p>To begin adding application licensing to your application, continue to <a
    240 href="{@docRoot}google/play/licensing/setting-up.html">Setting Up for Licensing</a>.</p>
    241 
    242 
    243 
    244 
    245 
    246 
    247