Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Limit (Restrict) app installations per account (detemined by unique devices) in Android

I have published an Android app.

Problem is, if someone buys my app, he can install it on several devices using the same account.

Can I limit the installation to a few (let's say 2) unique devices per account?

If the user wants to use it on another device with the same account, he will have to uninstall from another one first.

For example, MyBackup Pro only allows two unique devices.

How can I achieve this in my app?

like image 657
Programer Avatar asked Feb 25 '13 10:02

Programer


People also ask

How do you limit which Android devices can download your app?

Select the Excluded devices tab. Next to "Exclusion rules," select Manage exclusion rules. Don't exclude Android Go devices: Selected by default. Exclude Android Go devices: Prevent devices running Android Oreo (Go edition) from installing your app on Google Play.

What is the best identifier to use to uniquely identify a device?

ANDROID_ID is the preferred device identifier. ANDROID_ID is perfectly reliable on versions of Android <=2.1 or >=2.3.

What is the correct way to restrict app visibility on Google Play to devices that have a camera?

To ensure proper filtering on Google Play when your app manifest includes the CAMERA permission, explicitly specify that your app uses the autofocus feature and indicate whether it is required or not, for example: <uses-feature android:name="android. hardware.


2 Answers

Google helps you do this.

This page helps you set it up.

More specifically, it looks like you want to add a DeviceLimiter:

In some cases, you might want your Policy to limit the number of actual devices that are permitted to use a single license. This would prevent a user from moving a licensed application onto a number of devices and using the application on those devices under the same account ID. It would also prevent a user from "sharing" the application by providing the account information associated with the license to other individuals, who could then sign in to that account on their devices and access the license to the application.

The LVL supports per-device licensing by providing a DeviceLimiter interface, which declares a single method, allowDeviceAccess(). When a LicenseValidator is handling a response from the licensing server, it calls allowDeviceAccess(), passing a user ID string extracted from the response.

If you do not want to support device limitation, no work is required — the LicenseChecker class automatically uses a default implementation called NullDeviceLimiter. As the name suggests, NullDeviceLimiter is a "no-op" class whose allowDeviceAccess() method simply returns a LICENSED response for all users and devices.

Caution: Per-device licensing is not recommended for most applications because:

It requires that you provide a backend server to manage a users and devices mapping, and It could inadvertently result in a user being denied access to an application that they have legitimately purchased on another device.

The source code for DeviceLimiter can be found here.

The source pretty much explains how you'd go about using DeviceLimiter to implement what you want:

/* The LICENSED response from the server contains a user identifier unique to
 * the <application, user> pair. The developer can send this identifier
 * to their own server along with some device identifier (a random number
 * generated and stored once per application installation,
 * {@link android.telephony.TelephonyManager#getDeviceId getDeviceId},
 * {@link android.provider.Settings.Secure#ANDROID_ID ANDROID_ID}, etc).
 *
 * The more sources used to identify the device, the harder it will be for an
 * attacker to spoof.
like image 143
yarian Avatar answered Oct 31 '22 04:10

yarian


Both Ascorbin and yarian answers are nice to explain.

As per my knowledge It can be managed by two ways.

1. By Google it self

2. By your own implementation

Lets check one by one,

1. By Google it Self

Ascorbin's answer explain well how to implement it and How google manage it. So hope you got it. If not then let me know.

2. By your own implementation

If you have your own server then you can put code which check for the installed app devices. Every Device have unique IMEI number so you can easily track the same IMEI number and block or allow the installation of the app or working of the app.

Note: Google allows you to use same app in another device if the device has configured same account. so in that case it can be only possible by detecting same account with different IMEI or MAC address.

Hope you got the point.

Feel free to comment. :)

like image 39
Shreyash Mahajan Avatar answered Oct 31 '22 04:10

Shreyash Mahajan