Android now comes with an API allowing applications to phone home to check for a licence when launched, locking out pirates and anyone with an unreliable data connection. The "Licensing Verification Library" does allow the developer to permit caching of responses, so an application shouldn't stop working when one gets on a plane …
My applications already do this using their own bespoke setup (MyBackupPro for example). This system just allows everyone to do the same without writing lots of code and hosting your own authentication servers, Google will do all that for you.
I think this is win/win. It's a win for Developers, it's a win for Android consumers, it's a win for Google. Obviously the only people that will be upset are the pikey freeloaders.
Until google decide to monetise this too...
... by sending back everything you do...
"Dont be evil - unless there's money to be made from it" (the true google slogan)
If you think it's great news (and it is)... how can you class it as non-news?
Obviously the only people that will be upset are the pikey freeloaders.
Or anyone on a foreign holiday who returns home to find their monthly bill bumped up by roaming data charges...
Or anyone who gets locked out of their app in areas of poor/non-existent data reception because the developer chose to apply an overly-strict phone-home policy...
Or anyone who doesn't like the idea of their app usage being potentially tracked...
I don't have an issue with developers wanting to protect their work, but I do have an issue with any protection scheme which has real potential to screw things up for genuine purchasers of said work. If I had a pound for every time I've heard someone say "I've bought the original, but I still use a pirate copy because it works better" then I'd be pretty damned rich by now. I'd also have had to pay myself a few quid, because I'm one of those people who've been bitten by over-zealous protection schemes preventing me from using stuff I've paid for until I found a crack.
Who are the real freeloaders anyway?
Is it "freeloading" to expect to be able to use a piece of software for nothing?
Or is it "freeloading" to expect to be paid a sum of money every time someone uses a piece of software that you wrote?
And depending on how this is implemented it may not stop the pirates anyway.
Great until ...
... I go on holiday and disable data for 3 weeks.
As long as they set sensible limits, I'm happy with this ... maybe a big re-validate all button on the Android config screen to give you a month of grace?
Sorry? This *is* news...
Copy and paste the body of the article into your favourite text editor, change all instances of "Google" to "Apple" and re-read it. If it were Apple doing this, the majority of lazy commentards would be ranting apoplectically about how evil Jobs is and "HOW DARE THEY!!! IT"S MY DEVICE!!!" Et cetera...
People complain about Apple because Apple dictate what software can and can't be loaded on the phone. This is merely about allowing developers that charge for their app to have some confidence it won't get ripped off by freetards.
There's nothing wrong with this and the model chosen (especially the caching of responses and piping everything through Android Market to ensure apps don't need excessive privileges) seems quite well considered and thought out.
But its a tradition on the Reg comments...
to give Android a free ride. Android is so perfect that it is beyond criticism.
Despite the fact that its full of bloatware, has a fragmented OS/UI, and most android devices have dreadfully short battery life.
If I was a developer I would stick to iOS. Your code wont get pirated and you have access to a much larger and growing ecosystem.
According to this guestimate in Wired, iOS devices are selling "42 percent more than Android".
Do you really want to be stuck developing for a second tier platform where your code is open to freeloaders and the like.
Re: Sorry? This *is* news...
Exactly as Arkasha said, and to add to that, you do still have a choice. Nobody forces you to use the Android Market provided by Google, you can choose another app store, like SlideMe etc. That is what Android is about.
If Apple had done this, the users wouldn't be able to choose another App Store.
As a developer myself, this is a good thing.
Allow me to retort from sanityland
"to give Android a free ride. Android is so perfect that it is beyond criticism."
Yes, there are a lot of Apple haters on El'Reg, who do side with Android. Just as many as there are Android haters who side with Apple. Since we're neither*, lets continue:
"Despite the fact that its full of bloatware, has a fragmented OS/UI, and most android devices have dreadfully short battery life."
The UI has stayed pretty much identical from the start, yes there are several versions and there are several versions in the wild, as with iOS. Your point being? OS's evolve, smartphones suck battery? Welcome to Earth.
"If I was a developer I would stick to iOS. Your code wont get pirated and you have access to a much larger and growing ecosystem."
I think you'll find that Android has the trumps on the larger and growing ecosystem. Just purely by the sheer number of devices running (and soon to be running) it. Piracy, did you read the article or just the title? That however is irrelevant, see below.
"Do you really want to be stuck developing for a second tier platform where your code is open to freeloaders and the like."
No, that's why I chose Apple and Android. This gives access to the two largest phone platforms and now thanks to Google, I have some piracy protection on Android.
As a developer, I want profits. At the moment, they come from the iPhone, as Android grows and it's user base outgrows the iPhone's, the lower profits from Android will eventually gain on that made from the iPhone, and I'll be earning the best I can be.
Like you say, you're not a developer, so you're posting on this article because? Ah yes, your previous comment titles:
- Antennagate vs Bloatware
- Flash version for Android
- Open Android? In your dreams
*You're an Apple fanboy aren't you?
It's all a matter of picking your poison.
With regards to the original post, I do remember the outrage on Apple providing an optional means for developers to make money, called iAd. But really, any Apple and/or Android article brings out the flames and the juicy juicy page hits, eh?*
I've got a T-mo G1 on 1.6** and Android has some things that still really really bug me. First, the fragmentation is very annoying: My less-than a year old android unable to upgrade to 2.0***, when two year old iPhones/iPods can run 4.0****.
On the Android UI, ennnh. It's fragmented even within the same OS. Sending a text message, the 'send' button is above the keyboard. In other apps, the fame functionality is in the bottom of the keyboard.
In the browser, there's no way to know if hitting the back button will exit the browser, go back one page, or close that window and return to another window. I've seen all three actions. Sometimes when you exit the browser and come back, all the windows are gone, and maybe even missing from history. Horribly inconsistent unless you've memorized how it functions and what state it's in.
In messaging, if you switched by holding down home, sometimes hitting back will take you to all threads, sometimes it exits the app. If you use Menu>More>All Threads, it appears you've exited the thread, but if you hit back again, the thread you've exited from reappears.
AC@15:57 is quite right; As a developer, follow the profits. I disagree with him that I am not sure that Android will be a stronger revenue source in the future. Or rather, that Android's marketplace will reach as many customers as things like OPhone and carrier customization fragment things. But that's the reason we don't put all our eggs in one basket.
*Not that there's anything wrong with making an advertising buck. By the way, is it me, or did El Reg's flash-based adverts go away?
**Yes, even though I'm an iPhone dev, because I want to give AT&T as least of my money as possible. I used to have a Sidekick, but MSFT killed that off.
***I'm aware that if I were to root and hack my system I *might* cobble together a 2.1 build. But that'd be like saying the iPhone doesn't have app store restrictions because you can jailbreak it.
****Technically you can install iPhone OS 4 on a 3G, but I'd heavily advise against it, which is a nice way of saying, 'it sucks on the 3G'.
But I've not seen any copy protection that works 100% (apart from the PS3, and that's because its partially hardware).
People will just end up cracking either android or the software or both like they do on iPhone.
A nice idea for software trials for the average user though... but piracy always finds a way I'm afraid.
But "good enough"?
I think you may have missed the point here, much like a lot of folk, and it comes down to finding a balance that (a) keeps enough income for you, the developer, and (b) avoids pissing the legitimate customer off.
If you keep say 80% of users paying a quid or two for their apps, and no one really has trouble, then you could sell millions and you have won financially.
If, on the other hand you piss off your users but enforce 99.9% pay rates then you could end up getting a few quid from just a couple of thousand. FAIL.
Sadly a lot of companies fall in to the 2nd category because the believe their IP is so damn precious they can't allow anyone to bypass the increasingly complex, expensive, and inconvenient systems. Which often don't work for long as there need only be one hacker that is brighter, luckier, and/or more resourceful then them.
Find the right balance and you will be rewarded, maybe Android will have it? Devil in the detail though.
Wait until the Daily Mail gets hold of this!
The Google docs say:
"The application provides its package name and a nonce"
Oi! You nonce!
re: Wait until the Daily Mail gets hold of this!
That's just Nonce Sense (etc.)
Glad Google is doing something about the rather easy piracy in Android, it's long overdue.
Pikey Freeloaders ?
I don't have any problem with buying software but if I need to go to china currently it costs me a fortune to call back with my mobile or use data while I'm there.
This will just increase the cost unless developers set it to reasonable limits like checks once a fortnight or every 100 launches, rather than everyday or every launch.
Some data roaming rates charge per day used and there is usually a 100 kb minimum charge per session. For visitors to the US for example, validation could soon cost more than a typical app price.
Minimal problem on iPhones?!
.. apart from my missus (who works for apple) everyone I know with an i-cant-phone has it jail broken and rammed full of "trial" (read: stolen) apps ..
Of course, this could just say something about the sort of people I know (financial fools maybe, but at least minimally tech savvy) ..
"If it were Apple doing this, ..."
...it would be an improvement. Since it's Google doing this, people are upset. It's all about the baseline.
1984 avatar because... you know...
One can only hope..
..that this will screw those spamming tards all over the app store, spamming their pirate site-.All over the feckin' app store, a******p********d.com (I don't intend to give those meerkat mimsies a free advert).
As it is, done right, this will work like steam, as long as the caching is used properly.
What part of open source did I miss
Well everyone else covered roaming data charges, and time bombed shiteware and most of the other good stuff. But I can still add this nugget:
Android is open source right? Even if they don't open source that module it wouldn't matter any at all. The API is known, most anyone with just a little time and a compiler should be able to defeat this or any other documented API in fairly short order. You say "Oh no, that would beak marketplace". WHY? I can wrap and rename marketplace - done and dusted. WAY easier than installing a custom build when you don't have root access. Well some people allege to have figured that out in some special cases. But it seems you must have physical access to the hardware to make that work, so no worries there.
I agree with not wanting your stuff pirated, but this seems trivially stupid.
The eternal arms race
I haven't fully read the docs, but it does look like they use public key encryption to ensure that the response is a valid one coming from Google, and that some of the API is compiled into your app. That is, it's entirely possible that the only part the OS provides is the HTTP connection. If the verification also includes an encrypted timestamp to thwart repeating the verification, even replacing the OS might be insufficient to crack it.
Of course, were you to modify the application, all bets are off already, open source or not.
If this proves to be in the slightest inconvenient with respect to software I bought, or if I get a whiff that its is harvesting more data, I'll just replace the validation lib with something I wrote myself and give it away.
But what if I'm underground?
What if I (in New York) am on the New York subway; there's no signal there. Does that mean I can't launch my app? I regularly fire up an ebook reader or a game of solitaire or similar so I can pass the 1/2hr or so until I reach my destination without being bored.
Having a anti-piracy API require live-data access just doesn't work. It should create a cryptographically signed key which can be stored on the device and is specific to the device. Then the app can verify the key at startup regardless of data access.
An API that reports back to the mothership
...from the biggest data harvesters on the planet. Not especially surprising. I wouldn't have anything as personal as a phone with an OS written by Google. Looks shiny and everything, but just...no. Or an iPhone, for similar reasons.
Will not buy app which includes this technology
Any app with a "dial home in order to work" schema will not be installed on my phone. As listed by others, roaming and data charges are a big concern, but the bigger issue for me is the longevity of the developer. What happens if the developer is no longer around to provide authorization tokens? How will I get a refund for the application and my time spend to learn it when I can no longer use the application I paid for?
I tend to keep my apps around, and I have a VERY BIG issue with "I just fixed the help file, it is now a new version, please update / upgrade for only 50% of the original purchase price" which seems to be the trend in the industry. I have no issues with developers being paid, but I do have an issue with forced upgrades or mixing up a SALE (can use the software forever once I paid the license) with a TIME LIMITED RENTAL (until next rev comes around, 6 to 8 month down the road, then only the newer version gets tokens).
I still use once in a while my WordStar on a Kaypro 4 CP/M computer, and it still works, although none of the companies involved are still around (Digital Research for the OS, WordStart Corp. for the program and Kaypro for the hardware). If Google gets its way and this dial home for token schema takes off, you are SOL when, not if, any of the companies involved in the authorization chain goes out of business or decides to stop supporting the older versions of their software.
I've run into DRM issues with critical pieces of software which are no longer supported (vendors out of business, huge expenses to move over to a competitor) in the CAD and CAM world, and I see no reason to buy with my personal cash into the same problem on my cell phone.
Hope Marketplace clearly marks the apps which dial home in order to work, so I can avoid them like the plague....
RE: Palm OS
"Palm OS had a nice feature locking applications to user names, which not only meant applications couldn't easily be copied between users but automatically allowed migration to new hardware."
Not very effective, though. There's an easy to use app that lets you spoof or reset names on a per-app basis.
Just another reason not to use Android for me
While it's reasonable that developers should have some means of protecting their work, the features mentioned for the API in this article go way beyond that purpose. Giving developers the option to limit the number of times the app can be launched? That stinks of the same rip-off as that known as pay-per-view. If I pay for an application or media content, I get to keep it for as long as I want and use it whenever I want, without being forced to pay again and again for what I've already purchased. These artificial restrictions are tantamount to theft, because they take my money and then prevent me from using what I paid for. And it guarantees I won't be using the Android platform now or in the future.
Not on my phone
Phone home before I can use app I already paid? There is no way in hell I'm going to install any of those. If you happen to be overseas, as already pointed out here, the data charge would be huge (remember mobile data charge by a block of certain amount).
However, it is still miles better than Apple, at least, you don't have to use the "official" market.
Market app is not open, not on all Android phones
There is a problem with using the Market app to "call home". As it hasn't been released under an open source licence, only phones with licences from Google have it. Those using the fully open Android code (like Android on Freerunner) cannot use this code, since they cannot install the market app.
- Review Reg man looks through a Glass, darkly: Google's toy ploy or killer tech specs?
- +Comment 'Stop dissing Google or quit': OK, I quit, says Code Club co-founder
- Nokia: Read our Maps, Samsung – we're HERE for the Gear
- Ofcom will not probe lesbian lizard snog in new Dr Who series
- Rejoice, Windows fans: Stable 64-bit Chromium drops for Win 7 and 8