Actually Google isn't doing their developers any favor with the LVL. The documentation reads like it is meant to serve as a drop-in solution that adds reliable DRM to your paid app. Just configure it a little bit with some policy and your "app is safe". On the other hand there is that lengthy Google I/O talk<http://www.google.com/events/io/2011/sessions/evading-pirates-and-stopping-vampires-using-license-verification-library-in-app-billing-and-app-engine.html>and some official blog posts<http://android-developers.blogspot.com/2010/09/securing-android-lvl-applications.html>that discourage from using the LVL "as is", since all its components are known and a cracker can easily find them in your decompiled Java code and just remove them. The LVL is more of a proof of concept that should give you ideas how to interface the Play licensing service. That means changing and rewriting the whole LVL up to a point where the original is not recognizable anymore and at that point you understand every single bit of it yourself and don't run into that policy problem anymore, because you'd implement that policy yourself.
I voiced my opinion about the LVL and DRM here in the past and I used to be in favor of all these efforts. But trying to do it as properly as possible is a lot of additional overhead (it took me almost a week the first time), and when not done properly it either does not protect your app at all and / or pisses off legitimate customers. So I decided to get rid of any kind of DRM in my products altogether. It makes me sleep better because I know that it won't accidentally accuse one of my paying customers of theft just because I may have done some silly mistake. And in the end, if your app is interesting enough someone will crack it anyway. I guess it's more important to focus on those people who are willing to pay for your work and services. And maybe it really does help to see those cracked copies as some kind of free advertisement for your name and brand. If you still want to implement DRM for your app, then watch that video I linked above. It's probably as in-depth as it can get when it comes to the LVL. On Sunday, February 2, 2014 8:05:45 AM UTC-6, firebreather wrote: > > is licensing worth it for a paid game app? > > I have licensing added to my paid game, but I've found it goes online to > check for a license every single time the app is run, instead of only > occasionally doing it, as it's supposed to do with the > 'servermanagedpolicy' as opposed to the 'strict policy'. > > there are no ads in my paid game and I don't want the user to always have > to be online and wait for verification for every play. > > now I actually set a flag in the 'preferences' file the first time the > license check succeeds, so it doesn't check for licensing at all after the > first check, although I imagine this could be easy to hack for piraters. > > should the servermanagedpolicy' be cacheing something in the phone so it > doesn't have to check every play? > > here is the policy in the docs: > > A flexible Policy that uses settings provided by the licensing server to > manage response caching and access to the application while the device is > offline (such as when the user is on an airplane). For most applications, > the use of ServerManagedPolicy is highly recommended. > Show trimmed content > -- You received this message because you are subscribed to the Google Groups "Android Developers" group. To post to this group, send email to android-developers@googlegroups.com To unsubscribe from this group, send email to android-developers+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/android-developers?hl=en --- You received this message because you are subscribed to the Google Groups "Android Developers" group. To unsubscribe from this group and stop receiving emails from it, send an email to android-developers+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.
