Pirates looking to illegally copy Android applications are about to face a new challenge: today, Google’s Android team announced that it is releasing a new application Licensing Service for Android. The service, which is meant to help developers secure their applications from piracy, forces apps to ping Google’s home server at regular intervals to verify that they were legitimately purchased. Fail that check, and the app can lock you out.
According to the Dev Guide, developers are free to decide how they want to deal with an application that is deemed to be pirated (a developer could disable the app entirely, or perhaps they could activate a trial mode prompting the user to purchase the real thing). Only paid apps can currently be used with the service, though I’m not sure why you’d want to pirate a free one. The feature can be implemented on Android versions 1.5 and above using a set of official libraries.
Of course, cloud-based verification requires that your phone has network access — Google’s guide says that in the event that a device can’t communicate with the server, developers can add license caching behaviors. For example, you could set you app to only require verification, say, once a week.
So why go through all of this? Android has historically stored applications in a device’s internal storage — often with only be a few hundred megabytes or less available — but it recently began allowing developers to add support for encrypted SD card installs as well (SD cards typically offer far more storage space). But now Google appears to be abandoning the copy protection strategy in favor of this server-side verification. Google gives a few reasons for this:
- A limitation of copy protection is that applications using it can be installed only on compatible devices that provide a secure internal storage environment. For example, a copy-protected application cannot be downloaded from Market to a device that provides root access, and the application cannot be installed to a device’s SD card.
- With Android Market licensing, you can move to a license-based model in which access is not bound to the characteristics of the host device, but to your publisher account on Android Market and the licensing policy that you define. Your application can be installed and controlled on any compatible device on any storage, including SD card.
If this effectively wards off pirates then it will be great news for Android developers, but it adds one more potential issue for users: it’s up to devs to decide how often they want to have their application phone home to request verification, and an over-restrictive application could be really frustrating if you’re trying to use it on a plane or in an area with poor connectivity. That said, if a developer implements a policy that forces you to ping Google’s servers every time you launch the app for no good reason, then it’s probably going to get hammered with negative reviews.