I would like to in my application user can download content on http, but without having to log on.
how to check whether the request to the server came with the purchased android application?
PS. Sorry for terrible english.
It can be easily handled by Android LVL library. In brief it works in following way:
Once user purchase application LVL library can get through
Android Market application service response from Android market
server that application is licensed
Application itself can store in local file system hash of licensing server
response
So your application can use those hash to identify whether application is purchased or not yet.
If you are using single APK for free and paid , you must be using in app billing API .so use it for server authentication also .
else if it is only one APK on market then every installation would be purchased one i guess .
I would generate a some kind of key for the premium version (one key for all the premium version). For example:
You are allowed to download (premium):
http://www.myurl.com/download.php?parameter1=xxx&key=myPremiumVersionKey
You are not allowed to download because no key/wrong key is given (free version):
http://www.myurl.com/download.php?parameter1=xxx
Related
We have the same application for several clients. This application, for security reasons, cannot be published to Google Play, so we distribute it manually to customers.
The problem is that every time there is a new version of the application we have to contact all customers and update all their applications.
Isn't there a way to have private applications on google play and give access to different clients so that they can download the updates for those applications?
I've seen this, but I'm not sure if it behaves like I expect: https://support.google.com/googleplay/android-developer/answer/3131213?hl=en#runtest
Of course you can, there is an internal test app version available in the Play Store where you can upload your app version. Once uploaded you will have a private link available and only the people with access to that link will be able to download the app.
I guess you can publish as a "beta" version of the application https://support.google.com/googleplay/answer/7003180. You can define your clients as beta-testers and app would be visible on market only for them.
I have an approach, Assume you have an .apk file in your website. every customer will download it from here. Now you have to make an API call whenever user will use your application to make sure that they are using the latest version of application by sending the version details to server. If the user is using an older version (This you will get from server/api response) block the screen and redirect them to server to download the new .apk.
You can store the response to a local/DB so they can not use your application in offline mode also.
I am working on an app that would require an activation code in order to be used after being downloaded (user will get the code by postal mail). I understand that Apple will be rejecting the App, but can someone confirm if that functionality (activation code for an app) would be valid for Android? And that it could be used.
Before building up a prototype I would need to confirm this fact.
Anyhow, I will limit the audience of my App to Android users as I see that I have no options with MAC.
You should read the Google Play Developer Policies as your starting point (in particular the section "Paid and Free Apps").
If you are using activation codes to bypass app payments or in-app payments, you will be in violation of Google's policies. If the activation code is an integral part of your app's functionality (for example you are sending it by post to verify a user's address) then you should generally be okay.
Disclaimer: I am not a lawyer.
I was using an app once that was later pulled from the Play store because you could purchase some premium features over PayPal (without Google Play). If you intend on charging for this code it might and probably will be an issue, however, if you will distribute the code free of charge to select customers it might work.
But, a better way of doing it would be with a Google Play group. You'd mark your app as beta and make a test group, that would only include the people you want.
But if you want to limit your audience there is really no reason to put your app on Google Play, just distribute your .apk file through your website, and have a serial code as a backup.
I'm totally new to the Android Play store. I'm working on an app that is almost finished and ready to publish.
But I notice that you can copy the apk file (after purchase) to another location (sd card for example) and install it on another device. That is something I want to avoid.
My questions are:
Does the Google Play store sign the apk file with some unique id before downloading? If is true, can I read/get this code from the
apk?
Is it possible to know the email-address of the user that purchase the app or can I access some other details of the user?
Is it possible to get an unique detail of the device?
Is there another solution available to protect the copy of the apk?
I want to create a registration method that binds the device to the app, so when the user tried to copy the app, it is not possible to use it. Is this all possible?
If you have any questions, let me know.
PS: I used Adobe Flash Builder to build the app.
Your best bet is a combination of LVL (Android License Verification Library) and tracking device installations.
LVL
http://developer.android.com/guide/market/licensing/index.html
Tracking Device installations
http://android-developers.blogspot.in/2011/03/identifying-app-installations.html
To verify that the user has paid there is a Google Play Licensing service, you can use it. There are copy protection mechanisms on Google Play if you choose to use them, but they are deprecated now since you are supposed to use the service I just mentioned. You can gather some unique device details, there are APIs to do that, but this is not really needed.
I am using Android Licensing as described here:
http://developer.android.com/guide/market/licensing/index.html
(...to verify that my customers for my android app have actually payed for the app.) My app has a server component on the web, and for extra safety I'm doing the license validation on this server.
It all works okay. Now, to my problem. Since each new user ties up resources on my central server, I'm actually kind of reluctant to have non-paying users. I have seen some evidence of users continuing to use the app after having gotten a refund (per the normal 15-minute grace period).
To curb this behavior, it would be great if there was some way to map the payment of users at Google Checkout, to actual users in my system. Is this possible?
The ResponseData that I receive from the android license server contains a field called "userId", but this doesn't seem to correspond to any information in Google Checkout. (See http://www.androidadb.com/source/skylight1-read-only/GoogleLVL/src/com/android/vending/licensing/ResponseData.java.html for the definition of ResponseData.)
Is it possible to determine which payment in Checkout maps to which app installation?
As I currently understand it, the userId is obfuscated even on a per-app basis such that you can uniquely identify users per app but not figure which user it is nor whether the same user bought another app.
But I'm not sure you really need to identify these customers based on userId. If you have a server running anyway, the best way to protect your app is to have your server check the licence.
App -> Server: Give me a new nonce
Server -> App: Here is a secure random nonce
App -> Licence Service: Check user licence with this secure random nonce
Licence Service -> App: Signed licence response including repetition of nonce
App -> Server: Check licence signature with secret key (only on server)
Server -> App: Reject, or provide random token for access, etc
In this scenario, you won't authenticate users even if they mess with your LVL checking code.
However, you may of course introduce vulnerabilities after step 6 if you don't watch your step. Still, if you're currently using the standard LVL code and App-side licence check with the secret key stored in your app, changing to a mechanism as sketched above would be a huge improvement (there's even a script to remove standard LVL checking code from apps).
I am facing the problem in licensing of my old published paid apps. Basically i have paid app which is published by version code 1. I implemented the license code on it, it working fine to me. Licensing server giving the response or allow that you can use it. But once i changed version code from 1 to 2 in manifest file, then licensing service not allow to use the app.Server giving the response dont allow. I not understanderd, y it has relation with version code? i can't publish the update version.???
Moreover, i am already login to my publisher account, i have setting of LICENSED in edit profile section.
If I'm understanding you correctly...
From the developer docs:
Once an application is uploaded and
becomes known to the licensing server,
developers and testers can continue
modify the application in their local
development environment, without
having to upload new versions. You
only need to upload a new version if
the local application increments the
versionCode attribute in the manifest
file.
So basically upload (but don't publish) your licensed v2, then test v2 in the emulator - it should accept the licensing now. (You may have to "save" on the app page, but I'm not sure) If everything is good, click "Publish" to make it live.