2

I don't want to publish my app on Android Market, but i would create a license key from my website based on the MAC address of the user device. It should include also expiration date. Once the user enters the code in the android device it should be recognised. I've read that it can be done by using custom public encryption. In this scenario i should implement:

  1. A function in my application that takes the MAC address of the device and shows a string to the user.
  2. A function on my website that owns the private key and cipher the string at point 1. and adds expiration date
  3. A function in my application that decipher the string at point 2. using the puplic key and validates the license key.

I've read many discussions on stackoverflow and other sites but nothing applicable... or it is not clear how to apply in my scenario :(

Can you provide me e way to solve this problem? is there something that is android native that i'm missing (i hope) ?

Many thanks! Marco

Barmaley
  • 16,638
  • 18
  • 73
  • 146
Vale
  • 223
  • 1
  • 4
  • 13
  • side note: what would happen if the user upgraded his phone? tying license key to mac address might not be the greatest idea unless your license is per-device and not per-user. – Dang Khoa Oct 11 '11 at 07:47
  • The application is per-device and i know that, if the user changes his device he has to ask for a new license key. This is because my application is also usefull to be installed on many devices of the same user. Thanks for replying. – Vale Oct 11 '11 at 08:05

2 Answers2

0

I was looking to implement licensing on apps that are not distributed through Play and came across this:

https://code.google.com/p/droidactivator/

Maybe it will help you too?

Anthon
  • 69,918
  • 32
  • 186
  • 246
Abhay
  • 21
  • 2
  • 1
    It would help others more, if you gave details here on why this has helped you and then provide the link for details – Anthon Apr 03 '13 at 03:26
0

I see nothing really difficult to implement your intents:

  1. Your licensing server must have its own private and public key pairs.
  2. Then you have to create private key in your application during 1st run/install. It can be done just randomly
  3. Then you have to interchange between your application and server with public keys
  4. During buying/licensing procedure your application should encrypt MAC address or other (gmail id, IMEI code whatever) send to server - server stores key
  5. In order to check validity of license application sends to server cipher of MAC - server checks it against stored in database

If you don't know how to implement private/public keys stuff - read manuals, there're a lot of implementations of Diffie-Hellman's procedure - it's easy and nothing special there

Barmaley
  • 16,638
  • 18
  • 73
  • 146
  • The application is made to be used offline, so the interaction between device and licensing server is not assured. According to the 3 steps i wrote in my post... wich (RSA?) functions/classes shall i use to cipher/decipher? i only created a keystore according to a guide, but i don't know how to implement the process. I've clear in my mind the workflow but i don't know how to implement it. Thanks. – Vale Oct 11 '11 at 09:09
  • @Marco application has to have way to exchange with server - w/o that it's impossible. Either web/gprs/wifi or SMS gate. Here's example implementation of Diffie-Hellman http://download.oracle.com/javase/1,5.0/docs/guide/security/jce/JCERefGuide.html#AppF – Barmaley Oct 11 '11 at 10:17
  • This is what i thought about the workflow: 1. i'll crete a public and private key (with RSA?) 2. i'll embedd the public key in the app code 3. the app shows a code (belonging from the MAC and modified in some way) to the user 4. the user inserts the code on my website and reads the new licence key that i've ciphered with the private key 5. the user inserts the license key in the app 6. the app uses the public key to decipher the licence key and checks if it is what the app priveded to the user at point 3. – Vale Oct 11 '11 at 10:21
  • @Marco more or less like that, but also you can write special application (like Google's Market app) which will handle license checking procedures. In this case your application can work offline, I mean send/receive request thru service provided by your license checking application. In the same way as Google's Market app does http://developer.android.com/guide/publishing/licensing.html – Barmaley Oct 13 '11 at 12:44