• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1page.title=Adding Licensing to Your App
2parent.title=Application Licensing
3parent.link=index.html
4@jd:body
5
6
7
8<div id="qv-wrapper">
9<div id="qv">
10
11  <h2>In this document</h2>
12  <ol>
13  <li><a href="#manifest-permission">Adding the Licensing Permission</a></li>
14  <li><a href="#impl-Policy">Implementing a Policy</a>
15    <ol>
16      <li><a href="#custom-policies">Guidelines for custom policies</a></li>
17      <li><a href="#ServerManagedPolicy">ServerManagedPolicy</a></li>
18      <li><a href="#StrictPolicy">StrictPolicy</a></li>
19    </ol>
20  </li>
21  <li><a href="#impl-Obfuscator">Implementing an Obfuscator</a>
22    <ol>
23      <li><a href="#AESObfuscator">AESObfuscator</a></li>
24    </ol>
25  </li>
26  <li><a href="#impl-lc">Checking the License from an Activity</a>
27    <ol>
28      <li><a href="#lc-overview">Overview of license check and response</a></li>
29      <li><a href="#imports">Add imports</a></li>
30      <li><a href="#lc-impl">Implement LicenseCheckerCallback as a private inner class</a></li>
31      <li><a href="#thread-handler">Create a Handler for posting from LicenseCheckerCallback
32to the UI thread</a></li>
33      <li><a href="#lc-lcc">Instantiate LicenseChecker and LicenseCheckerCallback</a></li>
34      <li><a href="#check-access">Call checkAccess() to initiate the license check</a></li>
35      <li><a href="#account-key">Embed your public key for licensing</a></li>
36      <li><a href="#handler-cleanup">Call your LicenseChecker's onDestroy() method
37to close IPC connections</a></li>
38    </ol>
39  </li>
40  <li><a href="#impl-DeviceLimiter">Implementing a DeviceLimiter</a></li>
41  <li><a href="#app-obfuscation">Obfuscating Your Code</a></li>
42  <li><a href="#app-publishing">Publishing a Licensed Application</a></li>
43  <li><a href="#support">Where to Get Support</a></li>
44</ol>
45
46</div>
47</div>
48
49
50
51<p>After you've set up a publisher account and development environment (see <a
52href="setting-up.html">Setting Up for Licensing</a>), you are ready to add license verification to
53your app with the License Verification Library (LVL).</p>
54
55<p>Adding license verification with the LVL involves these tasks:</p>
56
57<ol>
58<li><a href="#manifest-permission">Adding the licensing permission</a> your application's manifest.</li>
59<li><a href="#impl-Policy">Implementing a Policy</a> &mdash; you can choose one of the full implementations provided in the LVL or create your own.</li>
60<li><a href="#impl-Obfuscator">Implementing an Obfuscator</a>, if your {@code Policy} will cache any
61license response data. </li>
62<li><a href="#impl-lc">Adding code to check the license</a> in your application's main
63Activity.</li>
64<li><a href="#impl-DeviceLimiter">Implementing a DeviceLimiter</a> (optional and not recommended for
65most applications).</li>
66</ol>
67
68<p>The sections below describe these tasks. When you are done with the
69integration, you should be able to compile your application successfully and you
70can begin testing, as described in <a
71href="{@docRoot}google/play/licensing/setting-up.html#test-env">Setting Up the Test
72Environment</a>.</p>
73
74<p>For an overview of the full set of source files included in the LVL, see <a
75href="{@docRoot}google/play/licensing/licensing-reference.html#lvl-summary">Summary of LVL Classes
76and Interfaces</a>.</p>
77
78
79<h2 id="manifest-permission">Adding the Licensing Permission</h2>
80
81<p>To use the Google Play application for sending a license check to the
82server, your application must request the proper permission,
83<code>com.android.vending.CHECK_LICENSE</code>. If your application does
84not declare the licensing permission but attempts to initiate a license check,
85the LVL throws a security exception.</p>
86
87<p>To request the licensing permission in your application, declare a <a
88href="{@docRoot}guide/topics/manifest/uses-permission-element.html"><code>&lt;uses-permission&gt;</code></a>
89element as a child of <code>&lt;manifest&gt;</code>, as follows: </p>
90
91<p style="margin-left:2em;"><code>&lt;uses-permission
92android:name="com.android.vending.CHECK_LICENSE" /&gt;</code></p>
93
94<p>For example, here's how the LVL sample application declares the permission:
95</p>
96
97<pre>&lt;?xml version="1.0" encoding="utf-8"?&gt;
98
99&lt;manifest xmlns:android="http://schemas.android.com/apk/res/android" ..."&gt;
100    &lt;!-- Devices &gt;= 3 have version of Google Play that supports licensing. --&gt;
101    &lt;uses-sdk android:minSdkVersion="3" /&gt;
102    &lt;!-- Required permission to check licensing. --&gt;
103    &lt;uses-permission android:name="com.android.vending.CHECK_LICENSE" /&gt;
104    ...
105&lt;/manifest&gt;
106</pre>
107
108<p class="note"><strong>Note:</strong> Currently, you cannot declare the
109<code>CHECK_LICENSE</code> permission in the LVL library project's manifest,
110because the SDK Tools will not merge it into the manifests of dependent
111applications. Instead, you must declare the permission in each dependent
112application's manifest. </p>
113
114
115<h2 id="impl-Policy">Implementing a Policy</h2>
116
117<div class="sidebox-wrapper">
118<div class="sidebox">
119<h2>ServerManagedPolicy</h2>
120
121<p>The LVL includes a complete {@code Policy} implementation called ServerManagedPolicy
122that makes use of license-management settings provided by the Google Play
123server. </p>
124
125<p style="margin-top:.5em;">Use of ServerManagedPolicy as the basis for your
126Policy is strongly recommended. For more information, see <a
127href="#ServerManagedPolicy">ServerManagedPolicy</a> section, below.</p>
128
129</div>
130</div>
131
132<p>Google Play licensing service does not itself determine whether a
133given user with a given license should be granted access to your application.
134Rather, that responsibility is left to a {@code Policy} implementation that you provide
135in your application.</p>
136
137<p>Policy is an interface declared by the LVL that is designed to hold your
138application's logic for allowing or disallowing user access, based on the result
139of a license check. To use the LVL, your application <em>must</em> provide an
140implementation of {@code Policy}. </p>
141
142<p>The {@code Policy} interface declares two methods, <code>allowAccess()</code> and
143<code>processServerResponse()</code>, which are called by a {@code LicenseChecker}
144instance when processing a response from the license server. It also declares an
145enum called <code>LicenseResponse</code>, which specifies the license response
146value passed in calls to <code>processServerResponse()</code>. </p>
147
148<ul>
149<li><code>processServerResponse()</code> lets you preprocess the raw response
150data received from the licensing server, prior to determining whether to grant
151access.
152
153<p>A typical implementation would extract some or all fields from the license
154response and store the data locally to a persistent store, such as through
155{@link android.content.SharedPreferences} storage, to ensure that the data is
156accessible across application invocations and device power cycles. For example,
157a {@code Policy} would maintain the timestamp of the last successful license check, the
158retry count, the license validity period, and similar information in a
159persistent store, rather than resetting the values each time the application is
160launched.</p>
161
162<p>When storing response data locally, the {@code Policy} must ensure that the data is
163obfuscated (see <a href="#impl-Obfuscator">Implementing an Obfuscator</a>,
164below).</p></li>
165
166<li><code>allowAccess()</code> determines whether to grant the user access to
167your application, based on any available license response data (from the
168licensing server or from cache) or other application-specific information.  For
169example, your implementation of <code>allowAccess()</code> could take into
170account additional criteria, such as usage or other data retrieved from a
171backend server. In all cases, an implementation of <code>allowAccess()</code>
172should only return <code>true</code> if the user is licensed to use the
173application, as determined by the licensing server, or if there is a transient
174network or system problem that prevents the license check from completing. In
175such cases, your implementation can maintain a count of retry responses and
176provisionally allow access until the next license check is complete.</li>
177
178</ul>
179
180<p>To simplify the process of adding licensing to your application and to
181provide an illustration of how a {@code Policy} should be designed, the LVL includes
182two full {@code Policy} implementations that you can use without modification or
183adapt to your needs:</p>
184
185<ul>
186<li><a href="#ServerManagedPolicy">ServerManagedPolicy</a>, a flexible {@code Policy}
187that uses server-provided settings and cached responses to manage access across
188varied network conditions, and</li>
189<li><a href="#StrictPolicy">StrictPolicy</a>, which does not cache any response
190data and allows access <em>only</em> if the server returns a licensed
191response.</li>
192</ul>
193
194<p>For most applications, the use of ServerManagedPolicy is highly
195recommended. ServerManagedPolicy is the LVL default and is integrated with
196the LVL sample application.</p>
197
198
199<h3 id="custom-policies">Guidelines for custom policies</h3>
200
201<p>In your licensing implementation, you can use one of the complete policies
202provided in the LVL (ServerManagedPolicy or StrictPolicy) or you can create a
203custom policy. For any type of custom policy, there are several important design
204points to understand and account for in your implementation.</p>
205
206<p>The licensing server applies general request limits to guard against overuse
207of resources that could result in denial of service. When an application exceeds
208the request limit, the licensing server returns a 503 response, which gets
209passed through to your application as a general server error. This means that no
210license response will be available to the user until the limit is reset, which
211can affect the user for an indefinite period.</p>
212
213<p>If you are designing a custom policy, we recommend that the {@code Policy}:
214<ol>
215<!-- <li>Limits the number of points at which your app calls for a license check
216to the minimum. </li> -->
217<li>Caches (and properly obfuscates) the most recent successful license response
218in local persistent storage.</li>
219<li>Returns the cached response for all license checks, for as long as the
220cached response is valid, rather than making a request to the licensing server.
221Setting the response validity according to the server-provided <code>VT</code>
222extra is highly recommended. See <a
223href="{@docRoot}google/play/licensing/licensing-reference.html#extras">Server Response Extras</a>
224for more information.</li>
225<li>Uses an exponential backoff period, if retrying any requests the result in
226errors. Note that the Google Play client automatically retries failed
227requests, so in most cases there is no need for your {@code Policy} to retry them.</li>
228<li>Provides for a "grace period" that allows the user to access your
229application for a limited time or number of uses, while a license check is being
230retried. The grace period benefits the user by allowing access until the next
231license check can be completed successfully and it benefits you by placing a
232hard limit on access to your application when there is no valid license response
233available.</li>
234</ol>
235
236<p>Designing your {@code Policy} according to the guidelines listed above is critical,
237because it ensures the best possible experience for users while giving you
238effective control over your application even in error conditions. </p>
239
240<p>Note that any {@code Policy} can use settings provided by the licensing server to
241help manage validity and caching, retry grace period, and more. Extracting the
242server-provided settings is straightforward and making use of them is highly
243recommended. See the ServerManagedPolicy implementation for an example of how to
244extract and use the extras. For a list of server settings and information about
245how to use them, see  <a
246href="{@docRoot}google/play/licensing/licensing-reference.html#extras">Server Response
247Extras</a>.</p>
248
249<h3 id="ServerManagedPolicy">ServerManagedPolicy</h3>
250
251<div class="sidebox-wrapper">
252<div class="sidebox">
253<h2>Server Response Extras</h2>
254
255<p>For certain types of licensing responses, the licensing server appends extra
256settings to the responses, to help the application manage licensing effectively.
257</p>
258
259<p style="margin-top:.5em;">See <a
260href="{@docRoot}google/play/licensing/licensing-reference.html#extras">Server Response Extras</a>
261for
262a list of settings and <code>ServerManagedPolicy.java</code> for information
263about how a {@code Policy} can use the extras.</p>
264
265</div>
266</div>
267
268<p>The LVL includes a full and recommended implementation of the {@code Policy}
269interface called ServerManagedPolicy. The implementation is integrated with the
270LVL classes and serves as the default {@code Policy} in the library. </p>
271
272<p>ServerManagedPolicy provides all of the handling for license and retry
273responses. It caches all of the response data locally in a
274{@link android.content.SharedPreferences} file, obfuscating it with the
275application's {@code Obfuscator} implementation. This ensures that the license response
276data is secure and persists across device power cycles. ServerManagedPolicy
277provides concrete implementations of the interface methods
278<code>processServerResponse()</code> and <code>allowAccess()</code> and also
279includes a set of supporting methods and types for managing license
280responses.</p>
281
282<p>Importantly, a key feature of ServerMangedPolicy is its use of
283server-provided settings as the basis for managing licensing across an
284application's refund period and through varying network and error conditions.
285When an application contacts the Google Play server for a license check, the
286server appends several settings as key-value pairs in the extras field of certain
287license response types. For example, the server provides recommended values for the
288application's license validity period, retry grace period, and maximum allowable
289retry count, among others. ServerManagedPolicy extracts the values from the
290license response in its <code>processServerResponse()</code> method and checks
291them in its <code>allowAccess()</code> method. For a list of the server-provided
292settings used by ServerManagedPolicy, see <a
293href="{@docRoot}google/play/licensing/licensing-reference.html#extras">Server Response
294Extras</a>.</p>
295
296<p>For convenience, best performance, and the benefit of using license settings
297from the Google Play server, <strong>using ServerManagedPolicy as your
298licensing {@code Policy} is strongly recommended</strong>. </p>
299
300<p>If you are concerned about the security of license response data that is
301stored locally in {@link android.content.SharedPreferences}, you can use a stronger obfuscation
302algorithm or design a stricter {@code Policy} that does not store license data. The LVL
303includes an example of such a {@code Policy} &mdash; see <a
304href="#StrictPolicy">StrictPolicy</a> for more information.</p>
305
306<p>To use ServerManagedPolicy, simply import it to your Activity, create an
307instance, and pass a reference to the instance when constructing your
308{@code LicenseChecker}. See <a href="#lc-lcc">Instantiate LicenseChecker and
309LicenseCheckerCallback</a> for more information. </p>
310
311<h3 id="StrictPolicy">StrictPolicy</h3>
312
313<p>The LVL includes an alternative full implementation of the {@code Policy} interface
314called StrictPolicy. The StrictPolicy implementation provides a more restrictive
315Policy than ServerManagedPolicy, in that it does not allow the user to access
316the application unless a license response is received from the server at the
317time of access that indicates that the user is licensed.</p>
318
319<p>The principal feature of StrictPolicy is that it does not store <em>any</em>
320license response data locally, in a persistent store. Because no data is stored,
321retry requests are not tracked and cached responses can not be used to fulfill
322license checks. The {@code Policy} allows access only if:</p>
323
324<ul>
325<li>The license response is received from the licensing server, and </li>
326<li>The license response indicates that the user is licensed to access the
327application. </li>
328</ul>
329
330<p>Using StrictPolicy is appropriate if your primary concern is to ensure that,
331in all possible cases, no user will be allowed to access the application unless
332the user is confirmed to be licensed at the time of use. Additionally, the
333Policy offers slightly more security than ServerManagedPolicy &mdash; since
334there is no data cached locally, there is no way a malicious user could tamper
335with the cached data and obtain access to the application.</p>
336
337<p>At the same time, this {@code Policy} presents a challenge for normal users, since it
338means that they won't be able to access the application when there is no network
339(cell or Wi-Fi) connection available. Another side-effect is that your
340application will send more license check requests to the server, since using a
341cached response is not possible.</p>
342
343<p>Overall, this policy represents a tradeoff of some degree of user convenience
344for absolute security and control over access. Consider the tradeoff carefully
345before using this {@code Policy}.</p>
346
347<p>To use StrictPolicy, simply import it to your Activity, create an instance,
348and pass a reference to it when constructing your {@code LicenseChecker}. See
349<a href="#lc-lcc">Instantiate LicenseChecker and LicenseCheckerCallback</a>
350for more information. </p>
351
352<h2 id="impl-Obfuscator">Implementing an Obfuscator</h2>
353
354<div class="sidebox-wrapper">
355<div class="sidebox">
356<h2>AESObfuscator</h2>
357
358<p>The LVL includes a full {@code Obfuscator} implementation in the
359<code>AESObfuscator.java</code> file. The {@code Obfuscator} uses AES encryption to
360obfuscate/unobfuscate data. If you are using a {@code Policy} (such as
361ServerManagedPolicy) that caches license response data, using AESObfuscator as
362basis for your {@code Obfuscator} implementation is highly recommended. </p>
363
364</div>
365</div>
366
367<p>A typical {@code Policy} implementation needs to save the license response data for
368an application to a persistent store, so that it is accessible across
369application invocations and device power cycles.  For example, a {@code Policy} would
370maintain the timestamp of the last successful license check, the retry count,
371the license validity period, and similar information in a persistent store,
372rather than resetting the values each time the application is launched. The
373default {@code Policy} included in the LVL, ServerManagedPolicy, stores license response
374data in a {@link android.content.SharedPreferences} instance, to ensure that the
375data is persistent. </p>
376
377<p>Because the {@code Policy} will use stored license response data to determine whether
378to allow or disallow access to the application, it <em>must</em> ensure that any
379stored data is secure and cannot be reused or manipulated by a root user on a
380device. Specifically, the {@code Policy} must always obfuscate the data before storing
381it, using a key that is unique for the application and device. Obfuscating using
382a key that is both application-specific and device-specific is critical, because
383it prevents the obfuscated data from being shared among applications and
384devices.</p>
385
386<p>The LVL assists the application with storing its license response data in a
387secure, persistent manner. First, it provides an {@code Obfuscator}
388interface that lets your application supply the obfuscation algorithm of its
389choice for stored data. Building on that, the LVL provides the helper class
390PreferenceObfuscator, which handles most of the work of calling the
391application's {@code Obfuscator} class and reading and writing the obfuscated data in a
392{@link android.content.SharedPreferences} instance. </p>
393
394<p>The LVL provides a full {@code Obfuscator} implementation called
395AESObfuscator that uses AES encryption to obfuscate data. You can
396use AESObfuscator in your application without modification or you
397can adapt it to your needs. For more information, see the next section.</p>
398
399
400<h3 id="AESObfuscator">AESObfuscator</h3>
401
402<p>The LVL includes a full and recommended implementation of the {@code Obfuscator}
403interface called AESObfuscator. The implementation is integrated with the
404LVL sample application and serves as the default {@code Obfuscator} in the library. </p>
405
406<p>AESObfuscator provides secure obfuscation of data by using AES to
407encrypt and decrypt the data as it is written to or read from storage.
408The {@code Obfuscator} seeds the encryption using three data fields provided
409by the application: </p>
410
411<ol>
412<li>A salt &mdash; an array of random bytes to use for each (un)obfuscation. </li>
413<li>An application identifier string, typically the package name of the application.</li>
414<li>A device identifier string, derived from as many device-specific sources
415as possible, so as to make it as unique.</li>
416</ol>
417
418<p>To use AESObfuscator, first import it to your Activity. Declare a private
419static final array to hold the salt bytes and initialize it to 20 randomly
420generated bytes.</p>
421
422<pre>    ...
423    // Generate 20 random bytes, and put them here.
424    private static final byte[] SALT = new byte[] {
425     -46, 65, 30, -128, -103, -57, 74, -64, 51, 88, -95,
426     -45, 77, -117, -36, -113, -11, 32, -64, 89
427     };
428    ...
429</pre>
430
431<p>Next, declare a variable to hold a device identifier and generate a value for
432it in any way needed. For example, the sample application included in the LVL
433queries the system settings for the
434<code>android.Settings.Secure.ANDROID_ID</code>, which is unique to each device.
435</p>
436
437<p>Note that, depending on the APIs you use, your application might need to
438request additional permissions in order to acquire device-specific information.
439For example, to query the {@link android.telephony.TelephonyManager} to obtain
440the device IMEI or related data, the application will also need to request the
441<code>android.permission.READ_PHONE_STATE</code> permission in its manifest.</p>
442
443<p>Before requesting new permissions for the <em>sole purpose</em> of acquiring
444device-specific information for use in your {@code Obfuscator}, consider
445how doing so might affect your application or its filtering on Google Play
446(since some permissions can cause the SDK build tools to add
447the associated <code>&lt;uses-feature&gt;</code>).</p>
448
449<p>Finally, construct an instance of AESObfuscator, passing the salt,
450application identifier, and device identifier. You can construct the instance
451directly, while constructing your {@code Policy} and {@code LicenseChecker}. For example:</p>
452
453<pre>    ...
454    // Construct the LicenseChecker with a Policy.
455    mChecker = new LicenseChecker(
456        this, new ServerManagedPolicy(this,
457            new AESObfuscator(SALT, getPackageName(), deviceId)),
458        BASE64_PUBLIC_KEY  // Your public licensing key.
459        );
460    ...
461</pre>
462
463<p>For a complete example, see MainActivity in the LVL sample application.</p>
464
465
466<h2 id="impl-lc">Checking the License from an Activity</h2>
467
468<p>Once you've implemented a {@code Policy} for managing access to your application, the
469next step is to add a license check to your application, which initiates a query
470to the licensing server if needed and manages access to the application based on
471the license response. All of the work of adding the license check and handling
472the response takes place in your main {@link android.app.Activity} source file.
473</p>
474
475<p>To add the license check and handle the response, you must:</p>
476
477<ol>
478    <li><a href="#imports">Add imports</a></li>
479    <li><a href="#lc-impl">Implement LicenseCheckerCallback</a> as a private inner class</li>
480    <li><a href="#thread-handler">Create a Handler</a> for posting from LicenseCheckerCallback to the UI thread</li>
481    <li><a href="#lc-lcc">Instantiate LicenseChecker</a> and LicenseCheckerCallback</li>
482    <li><a href="#check-access">Call checkAccess()</a> to initiate the license check</li>
483    <li><a href="#account-key">Embed your public key</a> for licensing</li>
484    <li><a href="#handler-cleanup">Call your LicenseChecker's onDestroy() method</a> to close IPC connections.</li>
485</ol>
486
487<p>The sections below describe these tasks. </p>
488
489<h3 id="lc-overview">Overview of license check and response</h3>
490
491<div class="sidebox-wrapper">
492<div class="sidebox">
493<h2>Example: MainActivity</h2>
494
495<p>The sample application included with the LVL provides a full example of how
496to initiate a license check and handle the result, in the
497<code>MainActivity.java</code> file.</p>
498
499</div>
500</div>
501
502<p>In most cases, you should add the license check to your application's main
503{@link android.app.Activity}, in the {@link android.app.Activity#onCreate onCreate()} method. This
504ensures that when the user launches your application directly, the license check
505will be invoked immediately. In some cases, you can add license checks in other
506locations as well. For example, if your application includes multiple Activity
507components that other applications can start by {@link android.content.Intent},
508you could add license checks in those Activities.</p>
509
510<p>A license check consists of two main actions: </p>
511
512<ul>
513<li>A call to a method to initiate the license check &mdash; in the LVL, this is
514a call to the <code>checkAccess()</code> method of a {@code LicenseChecker} object that
515you construct.</li>
516<li>A callback that returns the result of the license check. In the LVL, this is
517a <code>LicenseCheckerCallback</code> interface that you implement. The
518interface declares two methods, <code>allow()</code> and
519<code>dontAllow()</code>, which are invoked by the library based on to the
520result of the license check. You implement these two methods with whatever logic
521you need, to allow or disallow the user access to your application. Note that
522these methods do not determine <em>whether</em> to allow access &mdash; that
523determination is the responsibility of your {@code Policy} implementation. Rather, these
524methods simply provide the application behaviors for <em>how</em> to allow and
525disallow access (and handle application errors).
526  <p>The <code>allow()</code> and <code>dontAllow()</code> methods do provide a "reason"
527for their response, which can be one of the {@code Policy} values, {@code LICENSED},
528{@code NOT_LICENSED}, or {@code RETRY}. In particular, you should handle the case in which
529the method receives the {@code RETRY} response for {@code dontAllow()} and provide the user with an
530"Retry" button, which might have happened because the service was unavailable during the
531request.</p></li>
532</ul>
533
534<div style="margin-bottom:2em;">
535
536<img src="{@docRoot}images/licensing_flow.png" style="text-align:left;margin-bottom:0;margin-left:3em;" />
537<div style="margin:.5em 0 1.5em 2em;padding:0"><strong>Figure 6.</strong> Overview of a
538typical license check interaction.</div>
539</div>
540
541<p>The diagram above illustrates how a typical license check takes place: </p>
542
543<ol>
544<li>Code in the application's main Activity instantiates {@code LicenseCheckerCallback}
545and {@code LicenseChecker} objects. When constructing {@code LicenseChecker}, the code passes in
546{@link android.content.Context}, a {@code Policy} implementation to use, and the
547publisher account's public key for licensing as parameters. </li>
548<li>The code then calls the <code>checkAccess()</code> method on the
549{@code LicenseChecker} object. The method implementation calls the {@code Policy} to determine
550whether there is a valid license response cached locally, in
551{@link android.content.SharedPreferences}.
552  <ul>
553    <li>If so, the <code>checkAccess()</code> implementation calls
554  <code>allow()</code>.</li>
555    <li>Otherwise, the {@code LicenseChecker} initiates a license check request that is sent
556  to the licensing server.</li>
557  </ul>
558
559<p class="note"><strong>Note:</strong> The licensing server always returns
560<code>LICENSED</code> when you perform a license check of a draft application.</p>
561</li>
562<li>When a response is received, {@code LicenseChecker} creates a LicenseValidator that
563verifies the signed license data and extracts the fields of the response, then
564passes them to your {@code Policy} for further evaluation.
565  <ul>
566    <li>If the license is valid, the {@code Policy} caches the response in
567{@link android.content.SharedPreferences} and notifies the validator, which then calls the
568<code>allow()</code> method on the {@code LicenseCheckerCallback} object. </li>
569    <li>If the license not valid, the {@code Policy} notifies the validator, which calls
570the <code>dontAllow()</code> method on {@code LicenseCheckerCallback}. </li>
571  </ul>
572</li>
573<li>In case of a recoverable local or server error, such as when the network is
574not available to send the request, {@code LicenseChecker} passes a {@code RETRY} response to
575your {@code Policy} object's <code>processServerResponse()</code> method.
576  <p>Also, both the {@code allow()} and {@code dontAllow()} callback methods receive a
577<code>reason</code> argument. The {@code allow()} method's reason is usually {@code
578Policy.LICENSED} or {@code Policy.RETRY} and the {@code dontAllow()} reason is usually {@code
579Policy.NOT_LICENSED} or {@code Policy.RETRY}. These response values are useful so you can show
580an appropriate response for the user, such as by providing a "Retry" button when {@code
581dontAllow()} responds with {@code Policy.RETRY}, which might have been because the service was
582unavailable.</p></li>
583<li>In case of a application error, such as when the application attempts to
584check the license of an invalid package name, {@code LicenseChecker} passes an error
585response to the LicenseCheckerCallback's  <code>applicationError()</code>
586method. </li>
587</ol>
588
589<p>Note that, in addition to initiating the license check and handling the
590result, which are described in the sections below, your application also needs
591to provide a <a href="#impl-Policy">Policy implementation</a> and, if the {@code Policy}
592stores response data (such as ServerManagedPolicy), an <a
593href="#impl-Obfuscator">Obfuscator</a> implementation. </p>
594
595
596<h3 id="imports">Add imports</h3>
597
598<p>First, open the class file of the application's main Activity and import
599{@code LicenseChecker} and {@code LicenseCheckerCallback} from the LVL package.</p>
600
601<pre>    import com.google.android.vending.licensing.LicenseChecker;
602    import com.google.android.vending.licensing.LicenseCheckerCallback;</pre>
603
604<p>If you are using the default {@code Policy} implementation provided with the LVL,
605ServerManagedPolicy, import it also, together with the AESObfuscator. If you are
606using a custom {@code Policy} or {@code Obfuscator}, import those instead. </p>
607
608<pre>    import com.google.android.vending.licensing.ServerManagedPolicy;
609    import com.google.android.vending.licensing.AESObfuscator;</pre>
610
611<h3 id="lc-impl">Implement LicenseCheckerCallback as a private inner class</h3>
612
613<p>{@code LicenseCheckerCallback} is an interface provided by the LVL for handling
614result of a license check. To support licensing using the LVL, you must
615implement {@code LicenseCheckerCallback} and
616its methods to allow or disallow access to the application.</p>
617
618<p>The result of a license check is always a call to one of the
619{@code LicenseCheckerCallback} methods, made based on the validation of the response
620payload, the server response code itself, and any additional processing provided
621by your {@code Policy}. Your application can implement the methods in any way needed. In
622general, it's best to keep the methods simple, limiting them to managing UI
623state and application access. If you want to add further processing of license
624responses, such as by contacting a backend server or applying custom constraints,
625you should consider incorporating that code into your {@code Policy}, rather than
626putting it in the {@code LicenseCheckerCallback} methods. </p>
627
628<p>In most cases, you should declare your implementation of
629{@code LicenseCheckerCallback} as a private class inside your application's main
630Activity class. </p>
631
632<p>Implement the <code>allow()</code> and <code>dontAllow()</code> methods as
633needed. To start with, you can use simple result-handling behaviors in the
634methods, such as displaying the license result in a dialog. This helps you get
635your application running sooner and can assist with debugging. Later, after you
636have determined the exact behaviors you want, you can add more complex handling.
637</p>
638
639<p>Some suggestions for handling unlicensed responses in
640<code>dontAllow()</code> include: </p>
641
642<ul>
643<li>Display a "Try again" dialog to the user, including a button to initiate a
644new license check if the <code>reason</code> supplied is {@code Policy.RETRY}. </li>
645<li>Display a "Purchase this application" dialog, including a button that
646deep-links the user to the application's details page on Google Play, from which the
647use can purchase the application. For more information on how to set up such
648links, see <a
649href="{@docRoot}distribute/tools/promote/linking.html">Linking to Your Products</a>. </li>
650<li>Display a Toast notification that indicates that the features of the
651application are limited because it is not licensed. </li>
652</ul>
653
654<p>The example below shows how the LVL sample application implements
655{@code LicenseCheckerCallback}, with methods that display the license check result in a
656dialog. </p>
657
658<pre>
659private class MyLicenseCheckerCallback implements LicenseCheckerCallback {
660    public void allow(int reason) {
661        if (isFinishing()) {
662            // Don't update UI if Activity is finishing.
663            return;
664        }
665        // Should allow user access.
666        displayResult(getString(R.string.allow));
667    }
668
669    public void dontAllow(int reason) {
670        if (isFinishing()) {
671            // Don't update UI if Activity is finishing.
672            return;
673        }
674        displayResult(getString(R.string.dont_allow));
675
676        if (reason == Policy.RETRY) {
677            // If the reason received from the policy is RETRY, it was probably
678            // due to a loss of connection with the service, so we should give the
679            // user a chance to retry. So show a dialog to retry.
680            showDialog(DIALOG_RETRY);
681        } else {
682            // Otherwise, the user is not licensed to use this app.
683            // Your response should always inform the user that the application
684            // is not licensed, but your behavior at that point can vary. You might
685            // provide the user a limited access version of your app or you can
686            // take them to Google Play to purchase the app.
687            showDialog(DIALOG_GOTOMARKET);
688        }
689    }
690}
691</pre>
692
693<p>Additionally, you should implement the <code>applicationError()</code>
694method, which the LVL calls to let your application handle errors that are not
695retryable. For a list of such errors, see <a
696href="{@docRoot}google/play/licensing/licensing-reference.html#server-response-codes">Server
697Response Codes</a> in the <a
698href="{@docRoot}google/play/licensing/licensing-reference.html">Licensing Reference</a>. You can implement
699the method in any way needed. In most cases, the
700method should log the error code and call <code>dontAllow()</code>.</p>
701
702<h3 id="thread-handler">Create a Handler for posting from LicenseCheckerCallback
703to the UI thread</h3>
704
705<p>During a license check, the LVL passes the request to the Google Play
706application, which handles communication with the licensing server. The LVL
707passes the request over asynchronous IPC (using {@link android.os.Binder}) so
708the actual processing and network communication do not take place on a thread
709managed by your application. Similarly, when the Google Play application
710receives the result, it invokes a  callback method over IPC, which in turn
711executes in an IPC thread pool in your application's process.</p>
712
713<p>The {@code LicenseChecker} class manages your application's IPC communication with
714the Google Play application, including the call that sends the request and
715the callback that receives the response. {@code LicenseChecker} also tracks open license
716requests and manages their timeouts. </p>
717
718<p>So that it can handle timeouts properly and also process incoming responses
719without affecting your application's UI thread, {@code LicenseChecker} spawns a
720background thread at instantiation. In the thread it does all processing of
721license check results, whether the result is a response received from the server
722or a timeout error. At the conclusion of processing, the LVL calls your
723{@code LicenseCheckerCallback} methods from the background thread. </p>
724
725<p>To your application, this means that:</p>
726
727<ol>
728<li>Your {@code LicenseCheckerCallback} methods will be invoked, in many cases, from a
729background thread.</li>
730<li>Those methods won't be able to update state or invoke any processing in the
731UI thread, unless you create a Handler in the UI thread and have your callback
732methods post to the Handler.</li>
733</ol>
734
735<p>If you want your {@code LicenseCheckerCallback} methods to update the UI thread,
736instantiate a {@link android.os.Handler} in the main Activity's
737{@link android.app.Activity#onCreate(android.os.Bundle) onCreate()} method,
738as shown below. In this example, the LVL sample application's
739{@code LicenseCheckerCallback} methods (see above) call <code>displayResult()</code> to
740update the UI thread through the Handler's
741{@link android.os.Handler#post(java.lang.Runnable) post()} method.</p>
742
743<pre>private Handler mHandler;
744
745    &#64;Override
746    public void onCreate(Bundle savedInstanceState) {
747        ...
748        mHandler = new Handler();
749    }
750</pre>
751
752<p>Then, in your {@code LicenseCheckerCallback} methods, you can use Handler methods to
753post Runnable or Message objects to the Handler. Here's how the sample
754application included in the LVL posts a Runnable to a Handler in the UI thread
755to display the license status.</p>
756
757<pre>    private void displayResult(final String result) {
758        mHandler.post(new Runnable() {
759            public void run() {
760                mStatusText.setText(result);
761                setProgressBarIndeterminateVisibility(false);
762                mCheckLicenseButton.setEnabled(true);
763            }
764        });
765    }
766</pre>
767
768<h3 id="lc-lcc">Instantiate LicenseChecker and LicenseCheckerCallback</h3>
769
770<p>In the main Activity's
771{@link android.app.Activity#onCreate(android.os.Bundle) onCreate()} method,
772create private instances of LicenseCheckerCallback and {@code LicenseChecker}. You must
773instantiate {@code LicenseCheckerCallback} first, because you need to pass a reference
774to that instance when you call the constructor for {@code LicenseChecker}. </p>
775
776<p>When you instantiate {@code LicenseChecker}, you need to pass in these parameters:</p>
777
778<ul>
779<li>The application {@link android.content.Context}</li>
780<li>A reference to the {@code Policy} implementation to use for the license check. In
781most cases, you would use the default {@code Policy} implementation provided by the LVL,
782ServerManagedPolicy. </li>
783<li>The String variable holding your publisher account's public key for
784licensing. </li>
785</ul>
786
787<p>If you are using ServerManagedPolicy, you won't need to access the class
788directly, so you can instantiate it in the {@code LicenseChecker} constructor,
789as shown in the example below. Note that you need to pass a reference to a new
790Obfuscator instance when you construct ServerManagedPolicy.</p>
791
792<p>The example below shows the instantiation of {@code LicenseChecker} and
793{@code LicenseCheckerCallback} from the <code>onCreate()</code> method of an Activity
794class. </p>
795
796<pre>public class MainActivity extends Activity {
797    ...
798    private LicenseCheckerCallback mLicenseCheckerCallback;
799    private LicenseChecker mChecker;
800
801    &#64;Override
802    public void onCreate(Bundle savedInstanceState) {
803        super.onCreate(savedInstanceState);
804        ...
805        // Construct the LicenseCheckerCallback. The library calls this when done.
806        mLicenseCheckerCallback = new MyLicenseCheckerCallback();
807
808        // Construct the LicenseChecker with a Policy.
809        mChecker = new LicenseChecker(
810            this, new ServerManagedPolicy(this,
811                new AESObfuscator(SALT, getPackageName(), deviceId)),
812            BASE64_PUBLIC_KEY  // Your public licensing key.
813            );
814        ...
815    }
816}
817</pre>
818
819
820<p>Note that {@code LicenseChecker} calls the {@code LicenseCheckerCallback} methods from the UI
821thread <em>only</em> if there is valid license response cached locally. If the
822license check is sent to the server, the callbacks always originate from the
823background thread, even for network errors. </p>
824
825
826<h3 id="check-access">Call checkAccess() to initiate the license check</h3>
827
828<p>In your main Activity, add a call to the <code>checkAccess()</code> method of the
829{@code LicenseChecker} instance. In the call, pass a reference to your
830{@code LicenseCheckerCallback} instance as a parameter. If you need to handle any
831special UI effects or state management before the call, you might find it useful
832to call <code>checkAccess()</code> from a wrapper method. For example, the LVL
833sample application calls <code>checkAccess()</code> from a
834<code>doCheck()</code> wrapper method:</p>
835
836<pre>    &#64;Override
837    public void onCreate(Bundle savedInstanceState) {
838        super.onCreate(savedInstanceState);
839        ...
840        // Call a wrapper method that initiates the license check
841        doCheck();
842        ...
843    }
844    ...
845    private void doCheck() {
846        mCheckLicenseButton.setEnabled(false);
847        setProgressBarIndeterminateVisibility(true);
848        mStatusText.setText(R.string.checking_license);
849        mChecker.checkAccess(mLicenseCheckerCallback);
850    }
851</pre>
852
853
854<h3 id="account-key">Embed your public key for licensing</h3>
855
856<p>For each application, the Google Play service automatically
857generates a  2048-bit RSA public/private key pair that is used for
858licensing and in-app billing. The key pair is uniquely associated with the
859application. Although associated with the application, the key pair is
860<em>not</em> the same as the key that you use to sign your applications (or derived from it).</p>
861
862<p>The Google Play Developer Console exposes the public key for licensing to any
863developer signed in to the Developer Console, but it keeps the private key
864hidden from all users in a secure location. When an application requests a
865license check for an application published in your account, the licensing server
866signs the license response using the private key of your application's key pair.
867When the LVL receives the response, it uses the public key provided by the
868application to verify the signature of the license response. </p>
869
870<p>To add licensing to an application, you must obtain your application's
871public key for licensing and copy it into your application. Here's how to find
872your application's public key for licensing:</p>
873
874<ol>
875<li>Go to the Google Play <a
876href="http://play.google.com/apps/publish">Developer Console</a> and sign in.
877Make sure that you sign in to the account from which the application you are
878licensing is published (or will be published). </li>
879<li>In the application details page, locate the <strong>Services & APIs</strong>
880link and click it. </li>
881<li>In the <strong>Services & APIs</strong> page, locate the
882<strong>Licensing & In-App Billing</strong> section. Your public key for
883licensing is given in the
884<strong>Your License Key For This Application</strong> field. </li>
885</ol>
886
887<p>To add the public key to your application, simply copy/paste the key string
888from the field into your application as the value of the String variable
889<code>BASE64_PUBLIC_KEY</code>. When you are copying, make sure that you have
890selected the entire key string, without omitting any characters. </p>
891
892<p>Here's an example from the LVL sample application:</p>
893
894<pre>    public class MainActivity extends Activity {
895        private static final String BASE64_PUBLIC_KEY = "MIIBIjANBgkqhkiG ... "; //truncated for this example
896    ...
897    }
898</pre>
899
900<h3 id="handler-cleanup">Call your LicenseChecker's onDestroy() method
901to close IPC connections</h3>
902
903<p>Finally, to let the LVL clean up before your application
904{@link android.content.Context} changes, add a call to the {@code LicenseChecker}'s
905<code>onDestroy()</code> method from your Activity's
906{@link android.app.Activity#onDestroy()} implementation. The call causes the
907{@code LicenseChecker} to properly close any open IPC connection to the Google Play
908application's ILicensingService and removes any local references to the service
909and handler.</p>
910
911<p>Failing to call the {@code LicenseChecker}'s <code>onDestroy()</code> method
912can lead to problems over the lifecycle of your application. For example, if the
913user changes screen orientation while a license check is active, the application
914{@link android.content.Context} is destroyed. If your application does not
915properly close the {@code LicenseChecker}'s IPC connection, your application will crash
916when the response is received. Similarly, if the user exits your application
917while a license check is in progress,  your application will crash when the
918response is received, unless it has properly called the
919{@code LicenseChecker}'s <code>onDestroy()</code> method to disconnect from the service.
920</p>
921
922<p>Here's an example from the sample application included in the LVL, where
923<code>mChecker</code> is the {@code LicenseChecker} instance:</p>
924
925<pre>    &#64;Override
926    protected void onDestroy() {
927        super.onDestroy();
928        mChecker.onDestroy();
929        ...
930    }
931</pre>
932
933<p>If you are extending or modifying {@code LicenseChecker}, you might also need to call
934the {@code LicenseChecker}'s <code>finishCheck()</code> method, to clean up any open IPC
935connections.</p>
936
937<h2 id="impl-DeviceLimiter">Implementing a DeviceLimiter</h2>
938
939<p>In some cases, you might want your {@code Policy} to limit the number of actual
940devices that are permitted to use a single license. This would prevent a user
941from moving a licensed application onto a number of devices and using the
942application on those devices under the same account ID. It would also prevent a
943user from "sharing" the application by providing the account information
944associated with the license to other individuals, who could then sign in to that
945account on their devices and access the license to the application. </p>
946
947<p>The LVL supports per-device licensing by providing a
948<code>DeviceLimiter</code> interface, which declares a single method,
949<code>allowDeviceAccess()</code>. When a LicenseValidator is handling a response
950from the licensing server, it calls <code>allowDeviceAccess()</code>, passing a
951user ID string extracted from the response.</p>
952
953<p>If you do not want to support device limitation, <strong>no work is
954required</strong> &mdash; the {@code LicenseChecker} class automatically uses a default
955implementation called NullDeviceLimiter. As the name suggests, NullDeviceLimiter
956is a "no-op" class whose <code>allowDeviceAccess()</code> method simply returns
957a <code>LICENSED</code> response for all users and devices. </p>
958
959<div style="border-left:4px solid #FFCF00;margin:1em;padding: 0 0 0 .5em">
960<p><strong>Caution:</strong> Per-device licensing is <em>not recommended for
961most applications</em> because:</p>
962<ul>
963<li>It requires that you provide a backend server to manage a users and devices
964mapping, and </li>
965<li>It could inadvertently result in a user being denied access to an
966application that they have legitimately purchased on another device.</li>
967</ul>
968</div>
969
970<h2 id="app-obfuscation">Obfuscating Your Code</h2>
971
972<p>To ensure the security of your application, particularly for a paid
973application that uses licensing and/or custom constraints and protections, it's
974very important to obfuscate your application code. Properly obfuscating your
975code makes it more difficult for a malicious user to decompile the application's
976bytecode, modify it &mdash; such as by removing the license check &mdash;
977and then recompile it.</p>
978
979<p>Several obfuscator programs are available for Android applications, including
980<a href="http://proguard.sourceforge.net/">ProGuard</a>, which also offers
981code-optimization features. The use of ProGuard or a similar program to obfuscate
982your code is <em>strongly recommended</em> for all applications that use Google
983Play Licensing. </p>
984
985<h2 id="app-publishing">Publishing a Licensed Application</h2>
986
987<p>When you are finished testing your license implementation, you are ready to
988publish the application on Google Play. Follow the normal steps to <a
989href="{@docRoot}tools/publishing/preparing.html">prepare</a>, <a
990href="{@docRoot}tools/publishing/app-signing.html">sign</a>, and then <a
991href="{@docRoot}distribute/tools/launch-checklist.html">publish the application</a>.
992</p>
993
994
995<h2 id="support">Where to Get Support</h2>
996
997<p>If you have questions or encounter problems while implementing or deploying
998publishing in your applications, please use the support resources listed in the
999table below. By directing your queries to the correct forum, you can get the
1000support you need more quickly. </p>
1001
1002<p class="table-caption"><strong>Table 2.</strong> Developer support resources
1003for Google Play Licensing Service.</p>
1004
1005<table>
1006
1007<tr>
1008<th>Support Type</th>
1009<th>Resource</th>
1010<th>Range of Topics</th>
1011</tr>
1012<tr>
1013<td rowspan="2">Development and testing issues</td>
1014<td>Google Groups: <a
1015href="http://groups.google.com/group/android-developers">android-developers</a>
1016</td>
1017<td rowspan="2">LVL download and integration, library projects, {@code Policy}
1018questions, user experience ideas, handling of responses, {@code Obfuscator}, IPC, test
1019environment setup</td>
1020</tr>
1021<tr>
1022<td>Stack Overflow: <a
1023href="http://stackoverflow.com/questions/tagged/android">http://stackoverflow.com/questions/tagged/android</a></td>
1024</tr>
1025<tr>
1026<td rowspan="2">Accounts, publishing, and deployment issues</td>
1027<td><a href="http://www.google.com/support/forum/p/Android+Market">Google Play
1028Help Forum</a></td>
1029<td rowspan="2">Publisher accounts, licensing key pair, test accounts, server
1030responses, test responses, application deployment and results</td>
1031</tr>
1032<tr>
1033<td><a
1034href="http://market.android.com/support/bin/answer.py?answer=186113">Market
1035Licensing Support FAQ</a></td>
1036</tr>
1037<tr>
1038<td>LVL issue tracker</td>
1039<td><a href="http://code.google.com/p/marketlicensing/issues/">Marketlicensing
1040project issue tracker</a></td>
1041<td>Bug and issue reports related specifically to the LVL source code classes
1042and interface implementations</td>
1043</tr>
1044
1045</table>
1046
1047<p>For general information about how to post to the groups listed above, see <a
1048href="{@docRoot}resources/community-groups.html">Developer Forums</a> document
1049in the Resources tab.</p>
1050
1051
1052