5

So I have read the LVL docs backward and forward, and have it working with my app. I have seen the questions about the response being cached. But it still leaves me wondering, based on some of the wording in the LVL docs, does Google want us to call the license checker every time the app is initialized? Is that the safest way to implement this? Using the ServerManagedPolicy like Google suggests, do we just call the license check, and either run our app or do whatever we choose if they fail? One of my small concerns is the use of network data. They drill into us the need to be cautious of using resources without informing the user, and it seems to me this is a use of network data without letting the user know.

To add to this, is anyone experiencing any type of delay to their app due to this code? Due to the nature of my app, opening it and then waiting every time for an ok to come through the network would definitely distract from its use. Should I cache the response myself, or am I way over thinking this?

Isaac
  • 51
  • 2

4 Answers4

2

You answered your own question; if you feel that calling the service every time you start would be disruptive (which it would, e.g. the user is out of coverage), then don't do it.

Google make no recommendations about how often to use the licensing service; it's down to how paranoid you as the application developer are about piracy, balanced with how much you feel constantly checking would annoy the user.

Christopher Orr
  • 110,418
  • 27
  • 198
  • 193
  • Thanks for the reply. I have been reading more and mulling it over after posting the question. It also looks like the LVL will do it's own caching. So I might be overly concerned about the amount of real traffic this will generate. I am just going to call the license check on my onCreate of the main procedure. If it becomes a real issue I can just issue an update with a more lax version. I will just assume that the ServerManagedPolicy will do all of the background work for me, like they say it will. – Isaac Jan 19 '11 at 19:54
  • see my comment above on the answer by @Tom. Make a simple example and Toast the result, you will see it is being called every time you start the app. – Anthony Graglia Jan 30 '11 at 15:52
1

Call it every time you start the app. The LVL library, as shipped by Google, will cache the response and use it the next time the user starts the app, thus not requiring a network connection if they restart the application within the cache valid time-frame.

What you likely want to do is change the amount of time the cache is valid. By default, google ships with a fairly low cache-valid time, which resulted in some upset users who were outside of a network when the cache had expired.

Yahma
  • 1,042
  • 8
  • 8
  • I see that you have a good knowlage on this topic. Could you look at this question (connected with lvl matter)? : http://stackoverflow.com/questions/16567842/how-to-increase-lvl-cache-valid-time – XorOrNor May 15 '13 at 18:06
1

Ok, fair, only check it once in a while.. But where can you "safely" store the information, that you should check it once a day only? Eg, the first time you start the app, you will check it. Result of LVL is valid: so you store the date of the last successful check. But where to store it? Using SharedPreferences ? Is this safe? Because if you have root access on your device you could access the preference and change the valid date (to either way in the future, an yes, ofcourse you can check that in the code :-))

PS. Sorry, could not make a comment :(

Tom
  • 2,242
  • 18
  • 27
  • Tom, I am with you. Where in your code can you store this without leaving it out in the open? I am just going to let the ServerManagedPolicy code do the legwork. I will guess this is going to be analogous to door locks. They keep the honest people honest. if someone wants in your house they will just break a window and get in. – Isaac Jan 19 '11 at 19:56
  • The other problem with this though is that the default is dont_allow. so if they are not connected to the net, then they may get a dont_allow when in fact they did purchase it legally and that will piss people off... so you may also want to check the connection of the device... – Anthony Graglia Jan 30 '11 at 15:50
0

Concerning LVL: Although the SDK provides a sample implementation, Google themselves, clearly recommend against using it "as-is".

http://www.google.com/events/io/2011/sessions/evading-pirates-and-stopping-vampires-using-license-verification-library-in-app-billing-and-app-engine.html

After watching that, I believe, LVL is not an option for apps sold for 1-2$. Furthermore, a failed LVL check (if no network is available) will piss off legitimate users.

while it is true, that you can implement some kind of caching LVL responses, it will always boild down to the question, in how far you want to protect against piracy at the expense of legitimate users?

And: developer time is limited, so maybe it is more worthwhile to put efforts in improving an app, instead off wasting to much time trying to cut down illegal usage.

mrd
  • 4,561
  • 10
  • 54
  • 92