Android Market copy protection scheme

Google has announced that it will be rolling out a copy protection mechanism for Android Market applications when used with phones running Android 1.5 or higher.  It works kind of like this:

  • Google sets up a special licensing server, which keeps record of application purchases.
  • Developers can use libraries provided by Google that query this server each time the application is started.
  • The server then tells the application if the user has a valid license to use the application.

Relax everyone.  Google already has this info, it's how it (and you) keeps track of apps you've purchased for re-installation or updating.  All Google has done is allow applications to ping the new server to get a "yes" or "no" on whether or not the user has really paid for the app.  This is a good thing for developers and users alike -- at least until someone finds a way around it.  It also means a new SDK is in the works, as this will be out "in the next few months."  Developers can check out the new Licensing Your Applications portion of the Android Developer Guide, and the Android Market Help Center to learn a bit more.  [Android Developers Blog]

Update: There's a new post on the Android Developers Blog with some clarification and highlights.  Hit the link to see them, here's a quick overview:  It's secure, using public/private keys.  Nobody is going to get your details.  User applications don't talk to the licensing server, the Market handles it all on the back end.  Tools are in place to allow developers handle times when a user may be off line.  This should alleviate some fears, and answer some questions.

Update #2: The original blog post has been updated.  These tools are available for use now, and the old way will be phased out over the coming months.  Maybe the guys in the Android Dev Ecosystem read Android Central :)

 

Reader comments

Google to provide copy protection to Android Market applications [updated]

74 Comments

ide thoght they be against something like this TO MILK you for more of your moneys, but i remeber thats wht apple would do lol not google, nice but this make me think they dint do this befor lol

*patience for FROYO*

This isn't about milking people of their money. This is about developers getting paid for their work and people not stealing/pirating apps.

Open source OS doesn't mean every app is free.

What happens if you launch an app, but your not connected to the network at the time? This is concerning as I might not always be connected but still want to use my applications.

That's my only concern. I don't mind copy protection that is simple and maybe deters casual copying but when you get into requiring network access to run an offline app or other heavy-handed tactics that will just be bypassed by the real "hax0rz" anyway, then it turns into the kind of problem you see with gaming these days.

I'm pretty sure I wouldn't buy an application that had to ping a server every time I opened it if it was an offline app like a game or utility.

I like the currently popular model where you can often get a free version with ads, try it out, and then if you use it a lot you can pay a few dollars for the full version. I do it all the time. Even now with pirated apps you can install them but not update them so that is still kind of a way some people might try out an expensive app if there is no free trial. Either way, you can always return the app and get a refund which is pretty friendly to the user.

I've seen in other places and even one comment from someone claiming to work on the Android team that the developer has some options in deciding whether their app needs to be connected to the network at each launch. I'm guessing the options boil down to periodic checks or checks when the network is available. Since alot of these apps need the network anyway....

As long as this doesn't turn into something like the Windows authentication that makes you feel like you stole something even with a valid copy then I'm fine with it.

I hope this thing has a license cache feature so my apps don't fail when I run out of cell range or am required to turn airplane mode on.

This should never require checking in with the mother ship on each app launch, but rather a cache of the most recent license check.

This is kind of overkill. An encrypted cache of licenses (encrypted with the phones serial number) should be sufficient. Building and maintaining that cache could be a background task built into the OS.

Copy protection is something the Open Source community is against. This spits in the face of Open Source. I've been an Open Source user for over 10 years, and I know well that Open Source is not about "free as in beer". It's about freedom. It's about the freedom from the tyranny that is closed source and companies that make you sign licenses that severely restrict your use of the product and treat you like a criminal. That's what Open Source is about, and this is just wrong on so many levels. Shame on you Google!

Apparently you know nothing about open source. Yes its about freedom....that freedom is for the developers too. If devs want to do a license check on their software to make sure that you have paid for it then they should be free to do so. And please tell me whats the difference between this and Red Hat's RHEL servers reporting back to the RHEL network and being blocked from updates if your subscription is not paid up?

You may have been an open source user for 10 years but you certainly have not tried to understand it. It means the source code for an application is made available...it has nothing to do with whether a dev gets paid for their application or not. Mind you many of these apps on the market are not open source to begin with. You all have taken the Android OS being open source and skewed it terribly beyond what it means.

Apparently you can't read! NO ONE SAID ANYTHING ABOUT MONEY. Where did you get that from? It was never part of MY post. I even stated that Open Source has nothing to do with "free as in beer". Are you completely stupid?

Copy protection is something the FOSS movemet rails against. FOSS is about the freedom to distribute and the freedom to have access to the source. The GPL is only one of several FOSS licenses, and it allows for people to charge money for GPL software.

Parts of Android are licensed under the Apache license, and other parts are GPL 2. The essence of Open Source is to protect the users from practices of limiting their freedoms. Under both GPL and Apache licenses, you are allow to redistribute, modify, and distribute modified code. It protects the developers by requiring redistributed code to be clearly identified with any trademarks, patents, copyrights, and attribution. The GPL requires that all derived work must also be GPL.

All of this has nothing to do with apps built for Android. There's no requirement that apps designed for Android must be FOSS applications. However, the whole idea of copy protection smacks in the face of FOSS principles. Watch Richard Stallman's take on DRM:

http://www.youtube.com/watch?v=8p9IU4zp7mU

Apparently you haven't read your own post as you completely contradict yourself. If the apps aren't FOSS then what do you or the devs of those apps care of FOSS being against copy protection??? Android is FOSS and is not copy protected in any way. They simply gave the non-FOSS app devs a way to make sure people aren't freely using copies of their non-FOSS apps. How is this anti-FOSS? An open source license protects open source apps....BUT THE APPS AREN'T OPEN SOURCE!!!! Why are you trying to mix Android and the closed source apps that run on it?

And posting something from Stallman makes me think you're just trolling honestly. Either that or you've done exactly what I said....perverted the meaning of open source into some religion that bleeds well out of its meaning.

You really are that stupid... You fail to see the irony in all of this.

Google has long been a supporter of Open Source. It not only has an Open Source browser, smartphone OS, and a desktop OS in the works, it has sponsored the Google Summer of Code since 2005. Google has been an advocate for years for the Open Source movement. Then, they go and implement DRM in the app store? THAT is what's so wrong.

It's not what the independent app developers do. It's not whether the apps are open source or not. It's that Google implements this after championing Open Source for years. DRM is something Open Source has been against all along.

However, in your zeal to discredit me and trying to confuse what is said, you can't seem to put the pieces of the puzzle together.

Oh crap, this sucks balls! Im all about people supporting developers but this I feel violates a person's privacy.

Hackers need to get on this ASAP.

What people upload to their phone is their business. Would you like it if music companies, software companies, movies etc were able to see what stuff of theirs you have on your computer? I bet not.

Yeah, good call. And what happens when your phone crashes, breaks, gets stolen, etc. and you have to get a new one? I'm sure you wouldn't want to be able to get back all of your paid apps. Because, hey, that's your business.

Besides, did you even read the article? Google already has this information. The only difference is that now they're using it to help keep people from screwing over the devs and stealing software.

Again if this were taking place on your MP3 player or your computer I bet you'd be singing a different tune but obviously you don't get it.

Your condescension is much appreciated, but actually I do get it. I'm just not pissed about it because I actually pay for the apps on my phone. If I was too cheap to spend $1 on a great piece of software, then I might be upset.

IMO, it's not your privacy you're worried about. It's the fact that you're about to lose all of the apps you've stolen.

And I guess that is the one and only part of my post you actually have a legitimate argument for.

Just put yourself in the devs place. You come up with a great idea. You work hard on the code, test it, revise it, etc. And as soon as you put it up for sale, people start stealing it. How motivated are you to roll out updates? How motivated are you to put the same amount of time and effort into creating more apps?

If I were a developer, I'd be stoked about this.

Dude do you have an appbrain account, I want to compare and see how much you've spent on apps vs. how much I've spent on apps so we can see who here really supports developers and who just likes to talk a lot of 5H1T.

So I take it you don't purchase market apps since they have record of your purchase. I guess you also won't use the auto restore options when you switch phones or let the apps connect and back up your data right? Do you use Windows 7 by any chance?

They are using the same technology as what allows you to restore all paid apps when you switch devices/do a factory reset.

How is that violating privacy?

Go to the library, rent "the boy who cried wolf" before you try talking about what does and does not violate privacy.

Hmm, this doesn't bother me at all, especially since adding it will be optional. It WILL bother me if that means using apps requires a network connection...but I find it hard to believe they'd do anything so stupid. More likely it could just check when you launch the marketplace, or grab an update. It's not like deterrence requires a 24 hour police service that stops you app instantly, it just needs to make peoples lives unpleasant when they are stealing copyrighted material.

And how does this spit in the face of the open-source community??? Not all apps are developed as open source, hence the idea of copy-protection. I presume open-source developers will just laugh at this as bloat-code they wouldn't put in their apps, but that doesn't mean the platform should be exclusive to open source apps.

Just wanted to add that Google has left it up to the devs to do what they like with the service . I'm sure the "smart" devs will cache the results from last time so it will not always require you to have internet access. That is what I plan on doing in my app.

I was hoping for more than this from Google! KeyesLabs did this months ago (http://bit.ly/d0DCHP). It's going to be embarassing for the big G when this gets hacked in the first few days, which is what happened for KeyesLabs.

The approach works well enough, and it will slow piracy down, but Google needed some kind of platform-level solution here that involves actual encryption of APKs using keys specific to each app/user/phone.

Oh well. They're trying...

I was thinking they'd go that route and simply reauth if you switch phones. Basically the apps would follow your profile from phone to phone.

If they would just get their asses about actually getting the paid market available in all relevant regions I'd be fine with this. Some kind of local cache for the licensing will be required for this to work properly on any mobile platform as well.

I feel for developers that get their apps pirated but you know what, I bet if we looked into their MP3 players or computers I bet we'd find A LOT of pirated music, movies, software so they need to get off their high horse.

High horse? They make a product, and people buy it. Google is protecting that product from being illegally copied. I'm 100% okay with this, and I can't stomach idiots like this saying "well, they probably pirated a song, so I can steal their product".

People, if you like an application, BUY IT. Don't steal it. That way, the developer gets paid to write the app, and will continue to do so, resulting in more apps, that you'll probably like. If you steal from the developers, what motivation do they have to write code? None.

I've always thought one of the shortcomings with Android was that it was too easy to steal paid apps by just grabbing the .APK with root explorer, and copying it to other folks.

Its not about justifying pirating/stealing, that can never be justified. Its about people preaching about pirating/stealing when they do it themselves. If you can with a clear conscious say that you've never pirated anything then my respects to what you're preaching but if you've pirated music, movies or software then you need to stfu cause you're just an effen hypocrite.

I have downloaded songs without paying for them before. I don't anymore because believe it or not, people are capable of change. I've gone out and bought a lot of songs/albums that I pirated back in the day and I delete the rest. It's possible that I missed a few, but I tried fixing my mistake.

Not to mention that back when I got those songs, the ONLY way to get your favorite single off an album was to buy the album. now you can get UNLIMITED streaming of millions of songs for $15 a month, singles for .99 or lower, and entire physical CD's for 50% off what they once were. If you're pirating today you are a cheapskate, full stop.

Using the justification of "I bet they steal so it's ok to steal their stuff" not only makes possibly false assumptions, but you're using one wrong to justify your own, which does not make you right, and it doesn't make your position justified.

Did you not see the part where I wrote "its not about justifying"???

This is a great point by HondaCop: "I'm all for protecting software. These developers need to get paid and in return, they produce more quality apps for all to enjoy. With this being said, here is my only concern...

I think that very low prices on apps, is the only good piracy deterrent. I mean, why would people go out of their way to find a pirated version of an app, if the app only costs .99 cents or even $4.99. Heck, that is why they are so cheap, so that people can easily afford them.

Now, once developers see that pirated apps will no longer work, I am afraid we will start seeing apps being more expensive, knowing that people have no other choice than to pay for it.

By HondaCop on Tue, 07/27/2010 - 17:46"

And image, it IS about justifying. The comment of "these devs most likely have pirated music, so it's hypocritical" is ONLY about justifying.

And I replied to hondacop.

His concerns don't make sense in an industry where the cost to produce an application is FIXED (it doesn't increase with more downloads)
So it's in a developers best interest to find a low price point for their app.

If devs started charging 15 per for an app, people wouldn't buy enough copies to compensate the money he would make if he kept the cost at .99.

The ONLY reason an app really needs to be more expensive is if it's a super complex app, or if it's to a niche market (such as vlingo) where there won't be much interest in it, so the developer has a bit more leeway with the price.

Dude, I'm gonna go out on a limb here and say that you probably have an abundance of pirated apps on your device. Just a hunch.

Yeah just go checkout my appbrain account I bet I've paid for more apps than you have. Im all about supporting good apps so STFU.

You sure? I wasn't aware of that. I have no way of knowing but I think thats incorrect. If someone can verify.

AppBrain uses it's own DB based on what's installed on your phone. It doesn't (prolly can't) read your market details. When we get press review versions of apps they show in app brain, yet show as never bought/installed on the Market.

I don't get why so many people are up in arms over this. I think it's a positive thing. One of the knocks on the Android community is that we expect apps to be free and we won't buy paid versions. That doesn't give developers much incentive to port their apps over to Android. What's even worse is when hackers go out of their way to pirate paid apps, screwing devs out of money that is rightfully theirs. Now Google has come out with a way to prevent that from happening, and this community is pissed about it? Man, sorry guys but that is just super lame. I understand why a lot of devs are reluctant about Android.

Wow a lot of these comments sound like little kids throwing tantrums because their pirated apps are going to be taken away. Come on spend the money to support the android community. This means don't download an app copy it to your SD card get a refund then reinstall cause you were to cheap to spend 2 dollars on an app.
I don't know about the apps pinging a server all day though. Sounds like you would be making bad battery life even worse. Maybe it could cycle once at boot up or have code that prevents copying such as with other forms of media. Idk but its a step in the right direction. Developers deserve to get paid for their work.

Oh great. So now I have to have a network connection, it will generate more traffic, use more battery, and DENY ME ACCESS to an app if there is a screwup on some cloud machine I know nothing about and can't control or correct. Super.

Just say it how it is - a move to RENTING applications instead of "buying" them.

This is irritating.

I'm all for protecting software. These developers need to get paid and in return, they produce more quality apps for all to enjoy. With this being said, here is my only concern...

I think that very low prices on apps, is the only good piracy deterrent. I mean, why would people go out of their way to find a pirated version of an app, if the app only costs .99 cents or even $4.99. Heck, that is why they are so cheap, so that people can easily afford them.

Now, once developers see that pirated apps will no longer work, I am afraid we will start seeing apps being more expensive, knowing that people have no other choice than to pay for it.

I had not thought of that angle. But I still believe there will be too many free and open source apps to allow devs to run away with prices.

I highly doubt it.

Simple economics shows that the lower your price point, the more people will be interested in your app (perceived value not being considered)

Since an apps price is "fixed" (it has the same cost if he sells 1 app or 1 million since there is no production cost after final code is compiled) it's in the developers best interest to sell the application as cheaply as possible.

Now with some items (root only tools, niche games/apps) the target market is pretty small, so the base cost might be higher. But if your app targets the entire market, selling it for .99 will almost always net you more income than selling it for 1.99

This is absolutely ridiculous. The App Store is measurably more difficult to pirate apps from than the android market, and prices are reasonable. If a price for an app is too high, don't buy it. There will always be more than 1 app that can fulfill the sane function. If not, the high price is necessary.

Developers demanded this. Google provides it. There's nothing that says a developer has to use it, or that you have to support developers that do.

Or make it so the app doesn't require any license to operate for the first 24 hours, and then after that it will do a check to the marketplace to make sure you kept the app installed (and didn't make a backup copy)

Then the app would check ever x amount of days/weeks whenever you were using a network of some kind.

I think a check every usage is a bit extreme, and I'm sure if devs are given the option to select checkin times, most won't use this because of the potential problems it might cause.

Reading these comments saddens me. I fear for the future of the android platform with a seemingly large amount of users averse to paying for applications and supporting developers. If you want quality apps, this attitude needs to change, regardless of how effective this copy protection manages to be. I, for one, am actively developing for iPhone and not android because of this. Looking through the market briefly on appbrain, I feel that I am not alone as there seems to be a lack of quality apps and real innovation.

Ace seriously, the only reason you're with apple is cause they have the higher numbers, as that changes and Android takes over you'll be switching over. First off the comments I think are more shock than anything because Google is sharing what I consider privileged information. I have ZERO pirated apps because I appreciate our developers and want to support them.

So unless you have REAL figures to to back up the statement that Android developers are being robbed point plank by pirating your assumption holds no ground.

The comments here are just that comments of opinion because this move is controlling and controlling doesn't sit well with most people. Its not about "users averse to paying for applications and supporting"

They're not sharing ANYTHING. Read the release. It's all done via the market, so the apps and devs see none of your personal data. (Think Oauth) The market is handling the EXACT same data as it always has. They're just allowing devs to build in a code to authenticate their data (that the app was paid for) with the market. There is no privacy overlap.

And it's not just piracy that's keeping dev's away, it's the difficulty android devs have in monetizing the market.
This includes:
-Piracy, through the backup/refund, rooting, and warez methods. This also includes ALL forms of ad blockers, as blocking ads is a form of piracy in apps that are paid for with said ads.
-the fact that there are so many "free" alternatives, and that people will take the free alternative even if it doesn't provide key functions they desire just because it's free.
-There is no "iTunes" model, aka, no giftcards to hand out, not the years of people used to buying stuff in .99 bites.
-It's pretty hard to "discover" apps in the market unless you know just what you're looking for, or the app is featured.
-Categories are too broad, and there are a lot of misplaced apps
-Space left for descriptions of apps is too small, leading to a lot of people installing/uninstalling because they didn't get something. (see: any premium skin for a launcher)

It's not just a numbers game with Android (though it is for handset makers) Google NEEDS to do a serious overhaul of the market, and soon, if they want to make it more than a porn dump with a few decent apps struggling to get noticed.

What about those who use community services like android playground? I mean they are paying for apps, just not through the market. Is google trying to give the market a monopolized effect, or will alternative markets be available to those who want it?

You are paying people who hacked the paid apps from the market. So people using that site arn't paying for apps, they're paying a subscription to someone else so they don't have to pay for apps. (or they might not know exactly that this is happening)

As jerry said, developers don't see a cent of the money people pay to those sites.

Heh, I'm all for stealing from the music industry. Major labels have got to go and they will soon enough.

Video games I buy, devs get fair compensation.

Apps. I look for good freeware but if I must have a licensed app then I will gladly pay for it.

I am currently boycotting ubisoft and their ultimate fail. Hope this works well for Android devs and users.

Completely irrelevant as long as most of the world (that huge chunk outside USA) does not have access to paid applications.

I don't see any prob with this....its not like "3 limit on one phone installs or you need to be connected to the internet every-time you need to use it.

It just checks if you own it during download/installtion and if you do, congrats you get it...if not, you don't and as seeing you can easily get around paying for apps (was forced to after get stuck on psx4droid on authorizing purchase though had been charged so downloaded the .apk from a website and hey, it worked.

I think this is a good idea. We need good developers to want to stay with android.
A few things do concern me however.

1. Using a program like MyBackup Pro will backup apps, but when I tried, not market links, same with TitaniumBackup donate version, which does backup market links if you tell it to.

2. I have bought several apps. Some not from the market because of issues with paid market apps and telcos/countries etc. These apps are installed, but don't show up as installed in the market, some developers are nice and mail you the new versions.

These 2 situations irk me already, but this new market check will make things trickier.

Thanks to Google for doing this. I'm surprised their "add protection" feature when you publish an app doesn't do this for you automatically.
But yes, this is to make things a little harder to steal (not impossible to decent hackers)...currently, it's just stupid easy with Android Market's 24hr return policy (which Apple appstore doesn't have).

Next thing I really suggest Google do is send their lawyers after the warez sites that are out there that charge stupid users an annual fee to get pirated apps. They spam the crap out of the market...ban their spam as well.