Scott Main | 50e990c | 2012-06-21 17:14:39 -0700 | [diff] [blame] | 1 | page.title=Licensing Overview |
| 2 | parent.title=Application Licensing |
| 3 | parent.link=index.html |
| 4 | @jd:body |
| 5 | |
| 6 | |
| 7 | <div id="qv-wrapper"> |
| 8 | <div id="qv"> |
| 9 | |
| 10 | <h2>Quickview</h2> |
| 11 | <ul> |
| 12 | <li>Licensing allows you to verify your app was purchased from Google Play</li> |
| 13 | <li>Your app maintains control of how it enforces its licensing status</li> |
| 14 | <li>The service is free for all developers who publish on Google Play</li> |
| 15 | </ul> |
| 16 | |
| 17 | <h2>In this document</h2> |
| 18 | <ol> |
| 19 | <li><a href="#Secure">License Responses are Secure</a></li> |
| 20 | <li><a href="#LVL">Licensing Verification Library</a></li> |
| 21 | <li><a href="#Reqs">Requirements and Limitations</a></li> |
| 22 | <li><a href="#CopyProtection">Replacement for Copy Protection</a></li> |
| 23 | </ol> |
| 24 | |
| 25 | </div> |
| 26 | </div> |
| 27 | |
| 28 | |
| 29 | <p>Google Play Licensing is a network-based service that lets an application query a trusted |
| 30 | Google Play licensing server to determine whether the application is licensed to the current |
| 31 | device user. The licensing service is based on the capability of the Google Play licensing server |
| 32 | to determine whether a given user is licensed to use a given application. Google Play considers a |
| 33 | user to be licensed if the user is a recorded purchaser of the application.</p> |
| 34 | |
| 35 | <p>The request starts when your application makes a request to a service hosted by |
| 36 | the Google Play client application. The Google Play application then sends a request to |
| 37 | the licensing server and receives the result. The Google Play application sends |
| 38 | the result to your application, which can allow or disallow further use of the |
| 39 | application as needed.</p> |
| 40 | |
Andrew Solovay | aee20f9 | 2014-05-29 15:26:58 -0700 | [diff] [blame] | 41 | <p class="note"><strong>Note:</strong> If a version of an app is in the alpha or |
| 42 | beta channel, all users who are authorized to download and install that app are |
| 43 | considered to be licensed users of the app. For more information, see <a |
| 44 | href="{@docRoot}distribute/googleplay/developer-console.html#alpha-beta">Alpha |
| 45 | and Beta Testing</a>.</p> |
Scott Main | 50e990c | 2012-06-21 17:14:39 -0700 | [diff] [blame] | 46 | |
Scott Main | 50e990c | 2012-06-21 17:14:39 -0700 | [diff] [blame] | 47 | <div class="figure" style="width:469px"> |
| 48 | <img src="{@docRoot}images/licensing_arch.png" alt=""/> |
| 49 | <p class="img-caption"><strong>Figure 1.</strong> Your application initiates a |
| 50 | license check through the License Verification Library and the Google Play |
| 51 | client, which handles communication with the Google Play server.</p> |
| 52 | </div> |
| 53 | |
Andrew Solovay | aee20f9 | 2014-05-29 15:26:58 -0700 | [diff] [blame] | 54 | <p class="note"><strong>Note:</strong> Previously you could test an app by |
| 55 | uploading an unpublished "draft" version. This functionality is no longer |
| 56 | supported; instead, you must publish it to the alpha or beta distribution |
| 57 | channel. For more information, see <a |
| 58 | href="{@docRoot}google/play/billing/billing_testing.html#draft_apps">Draft Apps |
| 59 | are No Longer Supported</a>. |
Scott Main | 50e990c | 2012-06-21 17:14:39 -0700 | [diff] [blame] | 60 | |
| 61 | <p>To properly identify the user and determine the license status, the licensing server requires |
| 62 | information about the application and user—your application and the Google Play client work |
| 63 | together to assemble the information and the Google Play client passes it to the server. </p> |
| 64 | |
| 65 | <p>To help you add licensing to your application, the Android SDK provides a downloadable set of |
| 66 | library sources that you can include in your application project: the Google Market |
| 67 | Licensing package. The License Verification Library (LVL) is a library you can add to your |
| 68 | application that |
| 69 | handles all of the licensing-related communication with the Google Play licensing service. With |
| 70 | the LVL added to your application, your application can determine its licensing status for the |
| 71 | current user by simply calling a method and implementing a callback that receives the status |
| 72 | response.</p> |
| 73 | |
| 74 | <p>Your application does not query the licensing server |
| 75 | directly, but instead calls the Google Play client over remote IPC to |
| 76 | initiate a license request. In the license request:</p> |
| 77 | |
| 78 | <ul> |
| 79 | <li>Your application provides: its package name, a nonce that is later used to |
| 80 | validate any response from the server, and a callback over which the |
| 81 | response can be returned asynchronously.</li> |
| 82 | <li>The Google Play client collects the necessary information about the user and the device, |
| 83 | such as the device's primary Google account username, IMSI, and other |
| 84 | information. It then sends the license check request to the server on behalf of |
| 85 | your application.</li> |
| 86 | <li>The Google Play server evaluates the request using all available information, attempting |
| 87 | to establish the user's identity to a sufficient level of confidence. The server |
| 88 | then checks the user identity against purchase records for your application and |
| 89 | returns a license response, which the Google Play client returns to your |
| 90 | application over the IPC callback.</li> |
| 91 | </ul> |
| 92 | |
| 93 | <p>You can choose when, and how often, you want your application to check its |
| 94 | license and you have full control over how it handles the response, verifies the |
| 95 | signed response data, and enforces access controls.</p> |
| 96 | |
| 97 | <p>Notice that during a license check, your application does not manage any |
| 98 | network connections or use any licensing related APIs in the Android platform.</p> |
| 99 | |
| 100 | |
| 101 | |
| 102 | |
| 103 | <h2 id="Secure">License Responses are Secure</h2> |
| 104 | |
| 105 | <p>To ensure the integrity of each license query, the server signs the license |
| 106 | response data using an RSA key pair that is shared exclusively between the Google Play |
| 107 | server and you.</p> |
| 108 | |
| 109 | <p>The licensing service generates a single licensing key pair for each |
quddusc | ce4027b | 2013-03-29 15:32:38 -0700 | [diff] [blame] | 110 | application and exposes the public key in your application's |
| 111 | <strong>Services & APIs</strong> page in the Developer Console. You must copy |
| 112 | the public key from the Developer Console and embed it in your application |
| 113 | source code. The server retains the private key internally and uses it to sign |
| 114 | license responses for the applications you publish with that account.</p> |
Scott Main | 50e990c | 2012-06-21 17:14:39 -0700 | [diff] [blame] | 115 | |
| 116 | <p>When your application receives a signed response, it uses the embedded public |
| 117 | key to verify the data. The use of public key cryptography in the licensing |
| 118 | service makes it possible for the application to detect responses that have been |
| 119 | tampered with or that are spoofed.</p> |
| 120 | |
| 121 | |
| 122 | |
| 123 | |
| 124 | <h2 id="LVL">Licensing Verification Library</h2> |
| 125 | |
| 126 | <p>The Android SDK provides a downloadable package called the Google Market Licensing package, |
| 127 | which includes the License Verification Library (LVL). The LVL greatly simplifies the process of |
| 128 | adding licensing to your application and helps ensure a more secure, robust implementation for your |
| 129 | application. The LVL provides internal classes that handle most of the standard operations of a |
| 130 | license query, such as contacting the Google Play client to initiate a license request and |
| 131 | verifying and validating the responses. It also exposes interfaces that let you easily plug in your |
| 132 | custom code for defining licensing policy and managing access as needed by your application. The key |
| 133 | LVL interfaces are: </p> |
| 134 | |
| 135 | <dl> |
| 136 | <dt>{@code Policy}</dt> |
| 137 | <dd>Your implementation determines whether to allow access to the |
| 138 | application, based on the license response received from the server and any |
| 139 | other data available (such as from a backend server associated with your |
| 140 | application). The implementation can evaluate the various fields of the license |
| 141 | response and apply other constraints, if needed. The implementation also lets |
| 142 | you manage the handling of license checks that result in errors, such as network |
| 143 | errors.</dd> |
| 144 | |
| 145 | <dt>{@code LicenseCheckerCallback}</dt> |
| 146 | <dd>Your implementation manages access to the |
| 147 | application, based on the result of the {@code Policy} object's handling of the license |
| 148 | response. Your implementation can manage access in any way needed, including |
| 149 | displaying the license result in the UI or directing the user to purchase the |
| 150 | application (if not currently licensed).</dd> |
| 151 | </dl> |
| 152 | |
| 153 | |
| 154 | <p>To help you get started with a {@code Policy}, the LVL provides two fully complete |
| 155 | {@code Policy} implementations that you can use without modification or adapt to your |
| 156 | needs:</p> |
| 157 | |
| 158 | <dl> |
| 159 | <dt><a href="adding-licensing.html#ServerManagedPolicy">{@code ServerManagedPolicy}</a></dt> |
| 160 | <dd>A flexible {@code Policy} |
| 161 | that uses settings provided by the licensing server to manage response caching |
| 162 | and access to the application while the device is offline (such as when the |
| 163 | user is on an airplane). For most applications, the use of |
| 164 | {@code ServerManagedPolicy} is highly recommended.</dd> |
| 165 | |
| 166 | <dt><a href="adding-licensing.html#StrictPolicy">{@code StrictPolicy}</a></dt> |
| 167 | <dd>A restrictive {@code Policy} that |
| 168 | does not cache any response data and allows the application access <em>only</em> |
| 169 | when the server returns a licensed response.</dd> |
| 170 | </dl> |
| 171 | |
| 172 | <p>The LVL is available as a downloadable package of the Android SDK. The |
| 173 | package includes both the LVL itself and an example application that shows how |
| 174 | the library should be integrated with your application and how your application |
| 175 | should manage response data, UI interaction, and error conditions. </p> |
| 176 | |
| 177 | <p>The LVL sources are provided as an Android <em>library project</em>, which |
| 178 | means that you can maintain a single set of library sources and share them |
| 179 | across multiple applications. A full test environment is also available through |
| 180 | the SDK, so you can develop and test the licensing implementation in your |
| 181 | applications before publishing them, even if you don't have access to a |
| 182 | physical device.</p> |
| 183 | |
| 184 | |
| 185 | |
| 186 | |
| 187 | <h2 id="Reqs">Requirements and Limitations</h2> |
| 188 | |
| 189 | <p>Google Play Licensing is designed to let you apply license controls to |
| 190 | applications that you publish through Google Play. The service is not |
| 191 | designed to let you control access to applications that are not published |
| 192 | through Google Play or that are run on devices that do not offer the Google |
| 193 | Play client. </p> |
| 194 | |
| 195 | <p>Here are some points to keep in mind as you implement licensing in your |
| 196 | application: </p> |
| 197 | |
| 198 | <ul> |
| 199 | <li>An application can use the service only if the Google Play client is |
| 200 | installed on its host device and the device is running Android 1.5 (API level 3) |
| 201 | or higher.</li> |
| 202 | <li>To complete a license check, the licensing server must be accessible over |
| 203 | the network. You can implement license caching behaviors to manage access to your application when |
| 204 | there is no network connectivity. </li> |
| 205 | <li>The security of your application's licensing controls ultimately relies on |
| 206 | the design of your implementation itself. The service provides the building |
| 207 | blocks that let you securely check licensing, but the actual enforcement and |
| 208 | handling of the license are factors are up to you. By following the best |
| 209 | practices in the following documents, you can help ensure that your implementation will be |
| 210 | secure.</li> |
| 211 | <li>Adding licensing to an application does not affect the way the application |
| 212 | functions when run on a device that does not offer Google Play.</li> |
| 213 | <li>You can implement licensing controls for a free app, but only if you're using the service to |
| 214 | provide <a |
Dirk Dougherty | 2b286bb | 2012-11-29 17:25:09 -0800 | [diff] [blame] | 215 | href="{@docRoot}google/play/expansion-files.html">APK expansion files</a>.</li> |
Scott Main | 50e990c | 2012-06-21 17:14:39 -0700 | [diff] [blame] | 216 | </ul> |
| 217 | |
| 218 | |
| 219 | |
| 220 | <h2 id="CopyProtection">Replacement for Copy Protection</h2> |
| 221 | |
| 222 | <p>Google Play Licensing is a flexible, secure mechanism for controlling |
| 223 | access to your applications. It effectively replaces the Copy Protection |
Dirk Dougherty | aca4a77 | 2012-09-04 18:09:08 -0700 | [diff] [blame] | 224 | mechanism (no longer supported) that was previously offered on Google Play and |
| 225 | gives you wider distribution potential for your applications. </p> |
Scott Main | 50e990c | 2012-06-21 17:14:39 -0700 | [diff] [blame] | 226 | |
Dirk Dougherty | aca4a77 | 2012-09-04 18:09:08 -0700 | [diff] [blame] | 227 | <p>Licensing lets you move to a license-based model that is enforceable on |
| 228 | all devices that have access to Google Play. Access is not bound to the |
| 229 | characteristics of the host device, but to your |
quddusc | ce4027b | 2013-03-29 15:32:38 -0700 | [diff] [blame] | 230 | application on Google Play (through the app's public key) and the |
Dirk Dougherty | aca4a77 | 2012-09-04 18:09:08 -0700 | [diff] [blame] | 231 | licensing policy that you define. Your application can be installed and |
| 232 | managed on any device on any storage, including SD card.</p> |
Scott Main | 50e990c | 2012-06-21 17:14:39 -0700 | [diff] [blame] | 233 | |
| 234 | <p>Although no license mechanism can completely prevent all unauthorized use, |
| 235 | the licensing service lets you control access for most types of normal usage, |
| 236 | across all compatible devices, locked or unlocked, that run Android 1.5 or |
| 237 | higher version of the platform.</p> |
| 238 | |
| 239 | <p>To begin adding application licensing to your application, continue to <a |
Dirk Dougherty | 2b286bb | 2012-11-29 17:25:09 -0800 | [diff] [blame] | 240 | href="{@docRoot}google/play/licensing/setting-up.html">Setting Up for Licensing</a>.</p> |
Scott Main | 50e990c | 2012-06-21 17:14:39 -0700 | [diff] [blame] | 241 | |
| 242 | |
| 243 | |
| 244 | |
| 245 | |
| 246 | |