Android Pirates

Have you ever seen one of those annoying comments on the Android Market promising the riches and all the Android apps in the world for a low-low monthly price of $10? Sites like that pirate paid games and apps off the Market and then distribute them illegally, pocketing all the revenue. That's modern day warez at its finest.

Whether it was because of Android's openness or Google's notoriously poor focus on the Market, no DRM or licensing protection was available in the SDK for developers to utilize; so unless you rolled your own licensing scheme from within the app (which had a side effect of circumventing Google's payment system and therefore netted developers a whole lot more than 70% rev share), your app was easily "piratable".

Google DRM

Well, developers have had enough, and Google has eventually listened. An hour ago, Eric Chu from the Android team announced an official licensing service for Android applications.

image

The service will allow application developers to implement a license status check in their apps - an app would query the licensing server and get back a response stating whether it had been purchased through the Market or not.

This simple and free service provides a secure mechanism to manage access to all Android Market paid applications targeting Android 1.5 or higher.

At run time, with the inclusion of a set of libraries provided by us, your application can query the Android Market licensing server to determine the license status of your users.

It returns information on whether your users are authorized to use the app based on stored sales records.

What If Google (riiight) Or You (that's more like it) Are Offline?

Now, those of you who remember the Ubisoft Assassin's Creed DRM disaster can breathe a little easier - Google is well aware of the problems that can occur when you don't have a working connection or their servers are offline (which is unlikely but possible). This is why they will support both of these schemes:

  • a relaxed "chill out if you're offline" scheme
  • a strict "I need a connection every time you want to use the app" scheme

My guess is someone would need to either love getting 1-star reviews or be really-really paranoid to use the 2nd scheme, so most apps will stick to the safe first option.

To help you get started with a Policy, the LVL provides two fully complete Policy implementations that you can use without modification or adapt to your needs:

  • ServerManagedPolicy is a flexible Policy that uses settings provided by the licensing server to manage response caching and access to the application while the device is offline (such as when the user is on on an airplane). For most applications, the use of ServerManagedPolicy is highly recommended.
  • StrictPolicy is a restrictive Policy that does not cache any response data and allows the application access only when the server returns a licensed response.

A Few More Bits

Here are some points to keep in mind as you implement licensing in your application:

  • Only paid applications published through Market can use the service.
  • An application can use the service only if the Android Market client is installed on its host device and the device is running Android 1.5 (API level 3) or higher.
  • To complete a license check, the licensing server must be accessible over the network. You can implement license caching behaviors to manage access when there is no network connectivity.
  • The security of your application's licensing controls ultimately relies on the design of your implementation itself. The service provides the building blocks that let you securely check licensing, but the actual enforcement and handling of the license are factors in your control. By following the best practices in this document, you can help ensure that your implementation will be secure.
  • Adding licensing to an application does not affect the way the application functions when run on a device that does not offer Android Market.
  • Licensing is currently for paid apps only, since free apps are considered licensed for all users. If your application is already published as free, you won't be able to upload a new version that uses licensing.

Conclusion

Today's announcement is a solid step to reducing Android app piracy. Google has listened to developers' concerns and stepped it up. A more serious Market, happier, more confident (and properly paid) developers = better apps and games for all of us.

Now, devs, don't screw this up like Ubisoft did - we know where that 1-star button lives.

Sources: Google Android blog, Google's Licensing Guide