Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Android Offload license validation to a trusted server

Tags:

java

android

php

license-key

I've been reading about LVL and have implemented it in my app before with a splash screen checking the license.. but I'm sure you could've guessed it was easily cracked. I'm not trying to secure my app and be 100% fool proof but just want to make it discouraging for crackers to attempt.

Since my app requires an online connection and often fetches data from my server I was wanting to implement license checking on the server side, if license is valid it will return data, if not, nothing will be returned.

I've read this blog post here:

"If your application has an online component, a very powerful technique to prevent piracy is to send a copy of the license server response, contained inside the ResponseData class, along with its signature, to your online server. Your server can then verify that the user is licensed, and if not refuse to serve any online content.

Since the license response is cryptographically signed, your server can check to make sure that the license response hasn’t been tampered with by using the public RSA key stored in the Android Market publisher console.

When performing the server-side validation, you will want to check all of the following:

That the response signature is valid. That the license service returned a LICENSED response. That the package name and version code match the correct application. That the license response has not expired (check the VT license response extra). You should also log the userId field to ensure that a cracked application isn’t replaying a license response from another licensed user. (This would be visible by an abnormally high number of license checks coming from a single userId.)"

I just need help to get started on how to perform server-side validation. Yes I can get the response signature, LICENSE or NOT_LICENSED respond, package name, license expiration, but how do I check in on my server?

Any help to get started would be greatly appreciated. Thanks for your time.

like image 944
user708905 Avatar asked Apr 14 '11 23:04

user708905

1 Answers

This may help you get started: android-market-license verification php project

like image 186
ktambascio Avatar answered Sep 27 '22 18:09

ktambascio
Sign in to Comment

Related questions

Using JMS as a request/response service
Webcam control in java [closed]
Java threads waiting to lock object that isn't (visibly) locked
How to convert an html webpage to a picture
How can I use Spring Security with a cluster with session replication to fail-over an authenticated user?
Full text search on Google App Engine (Java)
ASM: Stateful Transformation
How can I create a textview that automatically changes it's font size to fit the space?
Get attachments from a JAX-WS WebService with a JAX-RPC Client
How to represent a schedule for Timetabler Problem in Genetic Algorithms?
How do I join on two columns in the hibernate mapping file using the <join> tag?
Making text in a JLabel dynamically resize
Jersey + Jackson deserialization failure with date object
How to simulate a site down in Java?
How to generate different colors of same luminance for line chart in Java?
Profiling JNI applications
How to print a pdf to a specific tray with no user interaction in java
Cannot fetch PDF file as binary data
Hibernate + "ON DUPLICATE KEY" logic
Direct URLs to access reports - JasperServer

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!