1page.title=Licensing Overview 2parent.title=Application Licensing 3parent.link=index.html 4@jd:body 5 6 7<div id="qv-wrapper"> 8<div id="qv"> 9 10 <h2>Quickview</h2> 11 <ul> 12 <li>Licensing allows you to verify your app was purchased from Google Play</li> 13 <li>Your app maintains control of how it enforces its licensing status</li> 14 <li>The service is free for all developers who publish on Google Play</li> 15 </ul> 16 17 <h2>In this document</h2> 18 <ol> 19 <li><a href="#Secure">License Responses are Secure</a></li> 20 <li><a href="#LVL">Licensing Verification Library</a></li> 21 <li><a href="#Reqs">Requirements and Limitations</a></li> 22 <li><a href="#CopyProtection">Replacement for Copy Protection</a></li> 23</ol> 24 25</div> 26</div> 27 28 29<p>Google Play Licensing is a network-based service that lets an application query a trusted 30Google Play licensing server to determine whether the application is licensed to the current 31device user. The licensing service is based on the capability of the Google Play licensing server 32to determine whether a given user is licensed to use a given application. Google Play considers a 33user to be licensed if the user is a recorded purchaser of the application.</p> 34 35<p>The request starts when your application makes a request to a service hosted by 36the Google Play client application. The Google Play application then sends a request to 37the licensing server and receives the result. The Google Play application sends 38the result to your application, which can allow or disallow further use of the 39application as needed.</p> 40 41<p class="note"><strong>Note:</strong> If a paid application has been uploaded 42to Google Play, but saved only as a draft application (the app is 43unpublished), the licensing server considers all users to be licensed users of 44the application (because it's not even possible to purchase the app). This 45exception is necessary in order for you to perform testing of your licensing 46implementation.</p> 47 48<div class="figure" style="width:469px"> 49<img src="{@docRoot}images/licensing_arch.png" alt=""/> 50<p class="img-caption"><strong>Figure 1.</strong> Your application initiates a 51license check through the License Verification Library and the Google Play 52client, which handles communication with the Google Play server.</p> 53</div> 54 55 56<p>To properly identify the user and determine the license status, the licensing server requires 57information about the application and user—your application and the Google Play client work 58together to assemble the information and the Google Play client passes it to the server. </p> 59 60<p>To help you add licensing to your application, the Android SDK provides a downloadable set of 61library sources that you can include in your application project: the Google Market 62Licensing package. The License Verification Library (LVL) is a library you can add to your 63application that 64handles all of the licensing-related communication with the Google Play licensing service. With 65the LVL added to your application, your application can determine its licensing status for the 66current user by simply calling a method and implementing a callback that receives the status 67response.</p> 68 69<p>Your application does not query the licensing server 70directly, but instead calls the Google Play client over remote IPC to 71initiate a license request. In the license request:</p> 72 73<ul> 74<li>Your application provides: its package name, a nonce that is later used to 75validate any response from the server, and a callback over which the 76response can be returned asynchronously.</li> 77<li>The Google Play client collects the necessary information about the user and the device, 78such as the device's primary Google account username, IMSI, and other 79information. It then sends the license check request to the server on behalf of 80your application.</li> 81<li>The Google Play server evaluates the request using all available information, attempting 82to establish the user's identity to a sufficient level of confidence. The server 83then checks the user identity against purchase records for your application and 84returns a license response, which the Google Play client returns to your 85application over the IPC callback.</li> 86</ul> 87 88<p>You can choose when, and how often, you want your application to check its 89license and you have full control over how it handles the response, verifies the 90signed response data, and enforces access controls.</p> 91 92<p>Notice that during a license check, your application does not manage any 93network connections or use any licensing related APIs in the Android platform.</p> 94 95 96 97 98<h2 id="Secure">License Responses are Secure</h2> 99 100<p>To ensure the integrity of each license query, the server signs the license 101response data using an RSA key pair that is shared exclusively between the Google Play 102server and you.</p> 103 104<p>The licensing service generates a single licensing key pair for each 105application and exposes the public key in your application's 106<strong>Services & APIs</strong> page in the Developer Console. You must copy 107the public key from the Developer Console and embed it in your application 108source code. The server retains the private key internally and uses it to sign 109license responses for the applications you publish with that account.</p> 110 111<p>When your application receives a signed response, it uses the embedded public 112key to verify the data. The use of public key cryptography in the licensing 113service makes it possible for the application to detect responses that have been 114tampered with or that are spoofed.</p> 115 116 117 118 119<h2 id="LVL">Licensing Verification Library</h2> 120 121<p>The Android SDK provides a downloadable package called the Google Market Licensing package, 122which includes the License Verification Library (LVL). The LVL greatly simplifies the process of 123adding licensing to your application and helps ensure a more secure, robust implementation for your 124application. The LVL provides internal classes that handle most of the standard operations of a 125license query, such as contacting the Google Play client to initiate a license request and 126verifying and validating the responses. It also exposes interfaces that let you easily plug in your 127custom code for defining licensing policy and managing access as needed by your application. The key 128LVL interfaces are: </p> 129 130<dl> 131<dt>{@code Policy}</dt> 132 <dd>Your implementation determines whether to allow access to the 133application, based on the license response received from the server and any 134other data available (such as from a backend server associated with your 135application). The implementation can evaluate the various fields of the license 136response and apply other constraints, if needed. The implementation also lets 137you manage the handling of license checks that result in errors, such as network 138errors.</dd> 139 140<dt>{@code LicenseCheckerCallback}</dt> 141 <dd>Your implementation manages access to the 142application, based on the result of the {@code Policy} object's handling of the license 143response. Your implementation can manage access in any way needed, including 144displaying the license result in the UI or directing the user to purchase the 145application (if not currently licensed).</dd> 146</dl> 147 148 149<p>To help you get started with a {@code Policy}, the LVL provides two fully complete 150{@code Policy} implementations that you can use without modification or adapt to your 151needs:</p> 152 153<dl> 154<dt><a href="adding-licensing.html#ServerManagedPolicy">{@code ServerManagedPolicy}</a></dt> 155 <dd>A flexible {@code Policy} 156that uses settings provided by the licensing server to manage response caching 157and access to the application while the device is offline (such as when the 158user is on an airplane). For most applications, the use of 159{@code ServerManagedPolicy} is highly recommended.</dd> 160 161<dt><a href="adding-licensing.html#StrictPolicy">{@code StrictPolicy}</a></dt> 162 <dd>A restrictive {@code Policy} that 163does not cache any response data and allows the application access <em>only</em> 164when the server returns a licensed response.</dd> 165</dl> 166 167<p>The LVL is available as a downloadable package of the Android SDK. The 168package includes both the LVL itself and an example application that shows how 169the library should be integrated with your application and how your application 170should manage response data, UI interaction, and error conditions. </p> 171 172<p>The LVL sources are provided as an Android <em>library project</em>, which 173means that you can maintain a single set of library sources and share them 174across multiple applications. A full test environment is also available through 175the SDK, so you can develop and test the licensing implementation in your 176applications before publishing them, even if you don't have access to a 177physical device.</p> 178 179 180 181 182<h2 id="Reqs">Requirements and Limitations</h2> 183 184<p>Google Play Licensing is designed to let you apply license controls to 185applications that you publish through Google Play. The service is not 186designed to let you control access to applications that are not published 187through Google Play or that are run on devices that do not offer the Google 188Play client. </p> 189 190<p>Here are some points to keep in mind as you implement licensing in your 191application: </p> 192 193<ul> 194<li>An application can use the service only if the Google Play client is 195installed on its host device and the device is running Android 1.5 (API level 3) 196or higher.</li> 197<li>To complete a license check, the licensing server must be accessible over 198the network. You can implement license caching behaviors to manage access to your application when 199there is no network connectivity. </li> 200<li>The security of your application's licensing controls ultimately relies on 201the design of your implementation itself. The service provides the building 202blocks that let you securely check licensing, but the actual enforcement and 203handling of the license are factors are up to you. By following the best 204practices in the following documents, you can help ensure that your implementation will be 205secure.</li> 206<li>Adding licensing to an application does not affect the way the application 207functions when run on a device that does not offer Google Play.</li> 208<li>You can implement licensing controls for a free app, but only if you're using the service to 209provide <a 210href="{@docRoot}google/play/expansion-files.html">APK expansion files</a>.</li> 211</ul> 212 213 214 215<h2 id="CopyProtection">Replacement for Copy Protection</h2> 216 217<p>Google Play Licensing is a flexible, secure mechanism for controlling 218access to your applications. It effectively replaces the Copy Protection 219mechanism (no longer supported) that was previously offered on Google Play and 220gives you wider distribution potential for your applications. </p> 221 222<p>Licensing lets you move to a license-based model that is enforceable on 223all devices that have access to Google Play. Access is not bound to the 224characteristics of the host device, but to your 225application on Google Play (through the app's public key) and the 226licensing policy that you define. Your application can be installed and 227managed on any device on any storage, including SD card.</p> 228 229<p>Although no license mechanism can completely prevent all unauthorized use, 230the licensing service lets you control access for most types of normal usage, 231across all compatible devices, locked or unlocked, that run Android 1.5 or 232higher version of the platform.</p> 233 234<p>To begin adding application licensing to your application, continue to <a 235href="{@docRoot}google/play/licensing/setting-up.html">Setting Up for Licensing</a>.</p> 236 237 238 239 240 241 242
