Android Offload license validation to a trusted server

I've been reading about LVL and have implemented it in my app before with a splash screen checking the license.. but I'm sure you could've guessed it was easily cracked. I'm not trying to secure my app and be 100% fool proof but just want to make it discouraging for crackers to attempt. Since my app requires an online connection and often fetches data from my server I was wanting to implement license checking on the server side, if license is valid it will return data, if not, nothing will be returned. I've read this blog post here: "If your application has an online component, a very powerful technique to prevent piracy is to send a copy of the license server response, contained inside the ResponseData class, along with its signature, to your online server. Your server can then verify that the user is licensed, and if not refuse to serve any online content. Since the license response is cryptographically signed, your server can check to make sure that the license response hasn’t been tampered with by using the public RSA key stored in the Android Market publisher console. When performing the server-side validation, you will want to check all of the following: That the response signature is valid. That the license service returned a LICENSED response. That the package name and version code match the correct application. That the license response has not expired (check the VT license response extra). You should also log the userId field to ensure that a cracked application isn’t replaying a license response from another licensed user. (This would be visible by an abnormally high number of license checks coming from a single userId.)" I just need help to get started on how to perform server-side validation. Yes I can get the response signature, LICENSE or NOT_LICENSED respond, package name, license expiration, but how do I check in on my server? Any help to get started would be greatly appreciated. Thanks for your time.

以上就是Android Offload license validation to a trusted server的详细内容,更多请关注web前端其它相关文章!

赞(0) 打赏
未经允许不得转载:web前端首页 » JavaScript 答疑

评论 抢沙发

  • 昵称 (必填)
  • 邮箱 (必填)
  • 网址

前端开发相关广告投放 更专业 更精准

联系我们

觉得文章有用就打赏一下文章作者

支付宝扫一扫打赏

微信扫一扫打赏