Hey George.

I have looked at SlideMe and SlideLock.  It's great but doesn't fit my
use cases for my apps, nor, I would suspect, many others looking for
simple licensing solutions that mesh well with Android Market.

Permissions are a pain, aren't they?  It is what it is, and devs will
have to evaluate that when considering AAL.  For anyone who wants to
use credentials for a backend system (which is becoming more and more
common) this is the best possible approach.  Until Google gives us a
bit more control over the Android Account API, and finer-grained
interface to the permissions capabilities of Android, there's not much
that can be done to improve on this for this particular approach.
Something to consider:

- users NEVER give access to their user id or password, they just
grant the app permission to act using their identity with the market
for validation of purchase

As for the reverse engineering of the market API, of course Google can
change it.  However, they also depend on that API, and have many, many
apps out on different versions of Android that depend on it.  I would
expect this to remain relatively stable.  Devs that use AAL can
configure their app's policy on what to do if validation fails,
including anything from "lock out" to "nag", so risk to end users can
be controlled.

Thanks for your feedback and contrasting points with SlideMe's
technologies.

Dave

On May 5, 4:01 pm, "George | SlideME" <george.slid...@gmail.com>
wrote:
> Dear dadical,
>
> I salute your initiative and congratulate your efforts in the anti-piracy
> conflict. Digital Rights Management was never an easy adventure. Nowadays,
> everything can be broken by using different methods. Some fall easier, some
> do harder. However, I do not intend to highlight this in your licensing API.
>
> I have a few thoughts for your licensing approach, as follows:
>
>    1. I as an end-user cannot welcome the disclosure of
>    accounts/credentials, which by design are required for your module to work
>    (android.permission.GET_ACCOUNTS, android.permission.USE_CREDENTIALS). Those
>    in combination with android.permission.INTERNET make me highly worried
>    about, first of all, a possible scam. A simple example would be: I write an
>    application and claim I am using your 'licensing module' so the end-user is
>    installing my app thanks to trusting you. Then I do whatever I want with
>    that.
>       - Based on the above, I as a Vendor can not embrace the permission
>       enforcement for such disclosure of private data in my products
>       - What if there is a shared account? This will work on all devices
>       that have that user's credentials?
>    2. You have reverse-engineered the Android Market Transfer Protocol
>    and Markup Language for purchase verification.
>       - Do you have the guarantee that Google will not change the protocol
>       and your module will not fail?
>          - You will most likely need to reverse-engineer the
>          protocol/language again and come with an updated version. How about
>          the time frame you need to fix this and the clients unable to use the
>          application?
>    3. Is your module legit? For how long? What guarantees can you grant?
>
> There could be more but for now this is all that came to my mind.
>
> On the other hand, have you heard of http://slideme.org/slidelock that
> can be used today for protecting applications for global distribution where
> there is no Android Market?
>
> George
>
> --
> You received this message because you are subscribed to the Google
> Groups "Android Developers" group.
> To post to this group, send email to android-developers@googlegroups.com
> To unsubscribe from this group, send email to
> android-developers+unsubscr...@googlegroups.com
> For more options, visit this group at
> http://groups.google.com/group/android-developers?hl=en
