By Barry Burd

If you license your Android app, no device can run your app unless the device checks in with a server. The server ensures that the device has permission to run your app. Here are some scenarios for an app (free or paid), with and without licensing:

  • Best case scenario with licensing: A user buys your app and copies the .apk file to another user’s device. The other user hasn’t paid for your app. The other user tries to run the app, but can’t run it because of the licensing restrictions.

  • Worst case scenario without licensing: A user buys your app and copies the .apk file to a file-sharing website. People download and install your .apk file and run the code for free. (Ooo! That’s bad!)

  • Worst case scenario with licensing: A user buys your app, cracks the licensing, and copies the .apk file to a file-sharing website. People download and install the cracked version of your .apk file and run the code for free. (That’s bad, too.)

  • Best case scenario without licensing: No one ever tries to steal your app. Or, if someone steals your app, the additional distribution of your app works to your advantage.

All things considered, you should think about licensing for any paid app. Licensing is also a good precaution with a free app (to help you maintain ownership of the app’s concept).

To enable licensing in your app, use the Android SDK Manager to install the Google Play Licensing Library (also known as the LVL, the License Verification Library), and add that library to your app’s project. Then obtain the app’s licensing key (a sequence of about 400 gibberish characters) from the Developer Console and add the key to your main activity. Finally, add code to your app that checks a device’s license and responds based on the result of the check.

The additional code implements one of three possible policies:

  • Strict policy: Whenever the user tries to launch your app, the device asks the Google Play server for approval to run the app. If the user tries to launch your app when the device has no connectivity, the user is out of luck. Life’s tough.

  • Server-managed policy: The user’s device stores a copy of the user’s license. The device uses the copy when network connectivity is unavailable. The license is obfuscated (so it’s tamper-resistant), and the license keeps track of trial periods, expiration dates, and other stuff. This is the default policy, and it’s the policy that Google highly recommends.

  • Custom policy: Create your own policy with Java code in your app. If you’re the developer, this choice should make you nervous. But for very sensitive situations, this choice might be the best.
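The setup steps and the server-managed policy described above, shown as an added example in Java (not code from the original article or from Google’s sample app). It assumes the LVL classes are in the project and the manifest declares the com.android.vending.CHECK_LICENSE permission; LICENSING_KEY and SALT hold placeholder values, and block() is a hypothetical helper.

```java
import android.app.Activity;
import android.os.Bundle;
import android.provider.Settings;
import android.widget.Toast;
import com.google.android.vending.licensing.*;

public class MainActivity extends Activity {
    // Placeholder, not a real key: paste the licensing key from the Developer Console.
    private static final String LICENSING_KEY = "REPLACE_WITH_YOUR_LICENSING_KEY";
    // Constructed sample salt: use your own 20 random bytes for the cached-license obfuscator.
    private static final byte[] SALT = {12, -45, 7, 93, -18, 64, -77, 31, 5, -102,
                                        88, -9, 41, -60, 23, 116, -34, 70, -3, 55};
    private LicenseChecker checker;

    @Override protected void onCreate(Bundle savedInstanceState) {
        super.onCreate(savedInstanceState);
        String deviceId = Settings.Secure.getString(getContentResolver(), Settings.Secure.ANDROID_ID);
        // Server-managed policy: keeps an obfuscated copy of the license for offline launches.
        // For the strict policy, pass new StrictPolicy() instead (nothing is cached).
        checker = new LicenseChecker(this, new ServerManagedPolicy(this,
                new AESObfuscator(SALT, getPackageName(), deviceId)), LICENSING_KEY);
        checker.checkAccess(new LicenseCheckerCallback() {
            @Override public void allow(int reason) {
                // Licensed (fresh server answer or a still-valid cached one): continue normally.
            }
            @Override public void dontAllow(int reason) {
                // Policy.RETRY means the server could not be reached, not that the user is unlicensed.
                block(reason == Policy.RETRY ? "Can't verify license. Check your connection."
                                             : "This copy of the app is not licensed.");
            }
            @Override public void applicationError(int errorCode) {
                // Setup problem (bad key, missing permission, and so on): fail closed.
                block("License check failed (error " + errorCode + ").");
            }
        });
    }

    // Hypothetical helper: callbacks arrive on a background thread, so hop to the UI thread.
    private void block(final String message) {
        runOnUiThread(() -> {
            Toast.makeText(this, message, Toast.LENGTH_LONG).show();
            finish();
        });
    }
    @Override protected void onDestroy() {
        super.onDestroy();
        checker.onDestroy(); // releases the binding to the Google Play licensing service
    }
}
```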

You use the Developer Console to create beta testers for your soon-to-be-published app. You can also name some special beta testers for your app’s licensing scheme. Your testers attempt to run the app when (as they know darn well) they shouldn’t get permission. The Developer Console keeps track of successes and failures so you can find out if your licensing scheme works correctly.

For all the details about the licensing of apps, visit Android’s Developer site.