Limit (Restrict) app installations per account (detemined by unique devices) in Android

Question

I have published an Android app.

Problem is, if someone buys my app, he can install it on several devices using the same account.

Can I limit the installation to a few (let's say 2) unique devices per account?

If the user wants to use it on another device with the same account, he will have to uninstall from another one first.

For example, MyBackup Pro only allows two unique devices.

How can I achieve this in my app?

Answer 1

Google helps you do this.

This page helps you set it up.

More specifically, it looks like you want to add a DeviceLimiter:

In some cases, you might want your Policy to limit the number of actual devices that are permitted to use a single license. This would prevent a user from moving a licensed application onto a number of devices and using the application on those devices under the same account ID. It would also prevent a user from "sharing" the application by providing the account information associated with the license to other individuals, who could then sign in to that account on their devices and access the license to the application.

The LVL supports per-device licensing by providing a DeviceLimiter interface, which declares a single method, allowDeviceAccess(). When a LicenseValidator is handling a response from the licensing server, it calls allowDeviceAccess(), passing a user ID string extracted from the response.

If you do not want to support device limitation, no work is required — the LicenseChecker class automatically uses a default implementation called NullDeviceLimiter. As the name suggests, NullDeviceLimiter is a "no-op" class whose allowDeviceAccess() method simply returns a LICENSED response for all users and devices.

Caution: Per-device licensing is not recommended for most applications because:

It requires that you provide a backend server to manage a users and devices mapping, and It could inadvertently result in a user being denied access to an application that they have legitimately purchased on another device.

The source code for DeviceLimiter can be found here.

The source pretty much explains how you'd go about using DeviceLimiter to implement what you want:

/* The LICENSED response from the server contains a user identifier unique to
 * the <application, user> pair. The developer can send this identifier
 * to their own server along with some device identifier (a random number
 * generated and stored once per application installation,
 * {@link android.telephony.TelephonyManager#getDeviceId getDeviceId},
 * {@link android.provider.Settings.Secure#ANDROID_ID ANDROID_ID}, etc).
 *
 * The more sources used to identify the device, the harder it will be for an
 * attacker to spoof.

Answer 2

Both Ascorbin and yarian answers are nice to explain.

As per my knowledge It can be managed by two ways.

1. By Google it self

2. By your own implementation

Lets check one by one,

1. By Google it Self

Ascorbin's answer explain well how to implement it and How google manage it. So hope you got it. If not then let me know.

2. By your own implementation

If you have your own server then you can put code which check for the installed app devices. Every Device have unique IMEI number so you can easily track the same IMEI number and block or allow the installation of the app or working of the app.

Note: Google allows you to use same app in another device if the device has configured same account. so in that case it can be only possible by detecting same account with different IMEI or MAC address.

Hope you got the point.

Feel free to comment. :)