Turns out there's been a bug in an update of the Google Play app. The license checks were timing out, and so in my case the default choice was to allow the user access anyhow.
http://code.google.com/p/marketlicensing/issues/detail?can=2&start=0&num=100&q=&colspec=ID%20Type%20Status%20Priority%20Milestone%20Owner%20Summary&groupby=&sort=&id=44
If you delete the app data for that app, your own test app will reestablish its connection with Google Play and whatever test response you set will almost instantly be the response received by the app on the device.
In fact you don't even need to follow the guidelines about uploading exactly the same pkg to Google Play in order to get these test responses. Just use the same key.
NOTE:
In my current setup as above, using the ServerManagedPolicy, the app distinguishes nicely between LICENSED (which triggers Allow()) and UNLICENSED (which triggers DontAllow()).
If there is an error, however, the applicationError() callback doesnot handle all codes well, or some of those codes are never provided to it.
ERROR_NOT_MARKET_MANAGED triggers ApplicationError() just fine.
But these two errors redirect the app to DontAllow:
ERROR_SERVER_FAILURE
ERROR_CONTACTING_SERVER
I wish I could catch these errors since they are usually not the user's fault, and yet the user is led to the "You didn't buy this app" dialog.
