Google Play Licensing is a network-based service that lets an application query a trusted Google Play licensing server to determine whether the application is licensed to the current device user. The licensing service is based on the capability of the Google Play licensing server to determine whether a given user is licensed to use a given application. Google Play considers a user to be licensed if the user is a recorded purchaser of the application.
The request starts when your application makes a request to a service hosted by the Google Play client application. The Google Play application then sends a request to the licensing server and receives the result. The Google Play application sends the result to your application, which can allow or disallow further use of the application as needed.
Note: If a version of an app is in the alpha or beta channel, all users who are authorized to download and install that app are considered to be licensed users of the app. For more information, see Alpha and Beta Testing.
Note: Previously you could test an app by uploading an unpublished "draft" version. This functionality is no longer supported; instead, you must publish it to the alpha or beta distribution channel. For more information, see Draft Apps are No Longer Supported.
To properly identify the user and determine the license status, the licensing server requires information about the application and user—your application and the Google Play client work together to assemble the information and the Google Play client passes it to the server.
To help you add licensing to your application, the Android SDK provides a downloadable set of library sources that you can include in your application project: the Google Market Licensing package. The License Verification Library (LVL) is a library you can add to your application that handles all of the licensing-related communication with the Google Play licensing service. With the LVL added to your application, your application can determine its licensing status for the current user by simply calling a method and implementing a callback that receives the status response.
Your application does not query the licensing server directly, but instead calls the Google Play client over remote IPC to initiate a license request. In the license request:
You can choose when, and how often, you want your application to check its license and you have full control over how it handles the response, verifies the signed response data, and enforces access controls.
Notice that during a license check, your application does not manage any network connections or use any licensing related APIs in the Android platform.
To ensure the integrity of each license query, the server signs the license response data using an RSA key pair that is shared exclusively between the Google Play server and you.
The licensing service generates a single licensing key pair for each application and exposes the public key in your application's Services & APIs page in the Developer Console. You must copy the public key from the Developer Console and embed it in your application source code. The server retains the private key internally and uses it to sign license responses for the applications you publish with that account.
When your application receives a signed response, it uses the embedded public key to verify the data. The use of public key cryptography in the licensing service makes it possible for the application to detect responses that have been tampered with or that are spoofed.
The Android SDK provides a downloadable package called the Google Market Licensing package, which includes the License Verification Library (LVL). The LVL greatly simplifies the process of adding licensing to your application and helps ensure a more secure, robust implementation for your application. The LVL provides internal classes that handle most of the standard operations of a license query, such as contacting the Google Play client to initiate a license request and verifying and validating the responses. It also exposes interfaces that let you easily plug in your custom code for defining licensing policy and managing access as needed by your application. The key LVL interfaces are:
Policyobject's handling of the license response. Your implementation can manage access in any way needed, including displaying the license result in the UI or directing the user to purchase the application (if not currently licensed).
To help you get started with a
Policy, the LVL provides two fully complete
Policy implementations that you can use without modification or adapt to your
Policythat uses settings provided by the licensing server to manage response caching and access to the application while the device is offline (such as when the user is on an airplane). For most applications, the use of
ServerManagedPolicyis highly recommended.
Policythat does not cache any response data and allows the application access only when the server returns a licensed response.
The LVL is available as a downloadable package of the Android SDK. The package includes both the LVL itself and an example application that shows how the library should be integrated with your application and how your application should manage response data, UI interaction, and error conditions.
The LVL sources are provided as an Android library project, which means that you can maintain a single set of library sources and share them across multiple applications. A full test environment is also available through the SDK, so you can develop and test the licensing implementation in your applications before publishing them, even if you don't have access to a physical device.
Google Play Licensing is designed to let you apply license controls to applications that you publish through Google Play. The service is not designed to let you control access to applications that are not published through Google Play or that are run on devices that do not offer the Google Play client.
Here are some points to keep in mind as you implement licensing in your application:
Google Play Licensing is a flexible, secure mechanism for controlling access to your applications. It effectively replaces the Copy Protection mechanism (no longer supported) that was previously offered on Google Play and gives you wider distribution potential for your applications.
Licensing lets you move to a license-based model that is enforceable on all devices that have access to Google Play. Access is not bound to the characteristics of the host device, but to your application on Google Play (through the app's public key) and the licensing policy that you define. Your application can be installed and managed on any device on any storage, including SD card.
Although no license mechanism can completely prevent all unauthorized use, the licensing service lets you control access for most types of normal usage, across all compatible devices, locked or unlocked.
To begin adding application licensing to your application, continue to Setting Up for Licensing.