Slashdot Mirror

← Back to Stories (view on slashdot.org)

Google Adds Licensing Server DRM To Android Market

Posted by Soulskill on from the do-androids-dream-of-electric-rights dept.

eldavojohn writes "According to AfterDawn, Google has given app makers the option to use a license server as DRM to ensure the user has paid for an app before they can download it. Reportedly, the Market app will communicate with a Google license server using RSA encryption. It is important to note this is only available for non-free apps (built with SDK 1.5 and later), and it was instituted to provide a better solution to the old and widely criticized copy protection scheme that was susceptible to Android app piracy (like sideloading). For better or for worse, Android's Marketplace appears to now have an optional, phone-home form of DRM." Following news of the new licensing service, Hexage Ltd, makers of a popular Android game called Radiant, released the data they had collected on piracy of Radiant over a 10-month period beginning last October. A series of charts shows total users, paid users and the piracy rate, by region.

29 of 184 comments (clear)

  1. Paid apps are not available in many countries. by sbrubblesman · · Score: 3, Insightful

    Maybe if paid apps for android market where available for everywhere, piracy rates would be much smaller. I'd rather google made paid apps available everywhere before they add DRM.

  2. Building up Android by BassMan449 · · Score: 4, Insightful

    I don't fault Google for adding this in. They are trying to build up Android and one part of doing that is by developing a strong development ecosystem around it. The problem is if there is huge piracy numbers it's hard to get money behind developing an app for Android. By giving some businesses a little more comfort, they can help to encourage adoption of the platform as a viable development platform for a business.

    1. Re:Building up Android by unix1 · · Score: 3, Insightful

      This is generally a bad idea:

      1. Much of the justification for paid apps when both free and paid are available, is to get rid of the ads and tracking in the free versions (admob, etc. at dev's option). Now, you'll be tracked by Google (again, at developer's option) even for paid apps.

      2. There are 2 modes: strict and server managed. Strict mode will always verify license every time you start an app. This is useless when no network connection is available - e.g. on airplane, and gives maximum tracking to Google. Server managed can cache the server response and use the cached response when there's no network connection available. This has 2 problems: (1) from users' perspective: you'll have to pre-open such apps that you'd want to use on a plane before taking off (or going off-roading, camping, hiking, etc.) - for example, you don't usually play a certain game (but you will on a plane), so cached response could have expired - better remember to pre-open and re-cache everything before taking off! Users shouldn't have to deal with this crap. And (2) from developers' perspective: the cached response is stored "obfuscated" locally. The "obfuscation" is an encrypted file with a 20-byte salt. The salt is stored inside the application. This is not secure by design and once broken, useless.

      There are better ways, none of which involve a lot of extra tracking by Google. For example, even in this licensing scheme, since the salt stays the same per apk, why not just validate the license at install time, and "cache" the encrypted license forever for that specific apk? Another option - why not encrypt the apk itself, decrypt when run or JIT compiled binaries only. In general, why not implement a generic encrypted storage container that could be used by users, developers, and the OS to securely store any information? This could even be encrypted via an optional user-settable password to an encryption key. This is not rocket science, it's been done everywhere else.

  3. Re:"Do no evil" by Monkeedude1212 · · Score: 3, Insightful

    You know its surprising how much significant financial interest there is in other pathways than the one Google has taken, yet you don't see them abusing it.

    Don't get me wrong, everyone has the right and definately should be wary of what Google does being in the position Google is in. (Great power, Great responsibility, blah blah blah).

    But giving developers the option to use a DRM server for their priced apps?

    Where is the evil in that?

  4. I don't see the problem. by DWMorse · · Score: 5, Insightful

    At the great risk to my karma, I guess I have to just pipe up and say that I don't see the problem here.

    License-server based apps have been selling on various platforms for years. Decades. Android now supports this, adding a little attraction to developers to invest time and money making an application for use on Android. Given the lack of QA on a great many Android apps (can anyone offer an explanation how Facebook for Android is such pure garbage, all jokes about content aside?) I for one see this as a step in the right direction.

    Android developers, you now have a piracy deterrent for your applications you would like monetary compensation for creating, and more importantly, maintaining. I fail to see how this is evil and how any of the wry 'do-no-evil-lol' quips are deserved.

    --
    There's a spot in User Info for World of Warcraft account names? Really?
  5. Re:Looks like... by rotide · · Score: 2, Insightful

    For those that never wanted to pay for apps that the developers wanted to _sell_.

    DRM isn't a requirement here. If two apps exist in an equally functional form and one has DRM while the other doesn't, I know what one I'm picking. If I don't like the DRM, I have a choice to not get DRM'd apps.

    It's still consumer choice at this point. Google is just offering a way for developers to DRM their apps if they so choose to do so. If it ends up not being popular, the developers can choose to remove the DRM.

  6. Re:"Do no evil" by betterunixthanunix · · Score: 5, Informative

    Also, a lot of people disagree with paying for apps as that goes against the purpose and concept of free software

    http://www.gnu.org/philosophy/selling.html

    --
    Palm trees and 8
  7. Paying for apps by tepples · · Score: 2, Informative

    Also, a lot of people disagree with paying for apps as that goes against the purpose and concept of free software (and associated benefits/gains).

    Except there are several genres of application that free software developers have so far failed to deliver. I've listed several other as-yet-uncloned apps in this comment.

  8. Explaining Piracy Figures by acid06 · · Score: 4, Informative

    You can see in the charts something like 98% piracy in South America.
    This happens because... there's no way to buy applications if you're in South America. So, anyone with a paid application here *has* to pirate it.

    1. Re:Explaining Piracy Figures by tepples · · Score: 3, Insightful

      If you have to infringe because the legitimate publisher doesn't want to take your money, then copyright is failing "To promote the Progress of Science and useful Arts".

    2. Re:Explaining Piracy Figures by 91degrees · · Score: 3, Insightful

      I don't follow.

      Of course a publisher has the right not to sell his software. I just don't see that he is harmed if the people he chose not to sell it to pirate a copy. He hasn't lost anything. He still has his copy. He can't claim a lost sale since if the pirate hadn't pirated then there still wouldn't have been a sale.

      Why does he have the right to disadvantage everyone else?

    3. Re:Explaining Piracy Figures by MBCook · · Score: 3, Insightful

      Why is your right to acquire something more important than his right to control his creation?

      While someone's right to their own creation is pretty well established (after all, that's the purpose of copyright), where does the idea that people should have to either sell you something or let you take it come from?

      It seems like just because something isn't physical (has no marginal cost), people argue that a creator's rights don't apply.

      --
      Comment forecast: Bits of genius surrounded by a sea of mediocrity.
    4. Re:Explaining Piracy Figures by Rich0 · · Score: 2, Insightful

      That depends on the local laws.

      Unless something has changed, for example, it is completely legal to intercept DirecTV service in Canada (I know it used to be at least). Why? Simple - DirecTV refused to sell service to Canadians (licensing issues and all that), so Canada just said, well, we won't regard cloning of access cards/etc as theft of service. As a result you can sell cloned smartcards or whatever in your local walmart if you want.

      Perhaps that has changed, but the bottom line is that if you refuse to actually provide a service in some country, don't expect that country's government to do much to protect your non-existent market.

    5. Re:Explaining Piracy Figures by Rich0 · · Score: 3, Insightful

      While someone's right to their own creation is pretty well established (after all, that's the purpose of copyright), where does the idea that people should have to either sell you something or let you take it come from?

      Uh, nobody is taking anything from anybody - they're making a copy. The creator still has their creation, and they are completely unharmed.

      I'm fine with the purpose of copyright - encouraging the creation of content by giving the creator a limited monopoly on their creation so that they can monetize it and finance the creation. The problem is that in this case no monetization is happening, which means the law has failed to achieve its purpose.

      A copyright law that only protected works that were available for sale would be JUST as effective at promoting science and the arts. Indeed, it would be more effective as it would remove the extinction of orphan works. Ditto for a law that limits copyright to some sane duration.

      For some reason everybody acts like copyright exists to protect the rights of content creators. It doesn't exist for this purpose at all. It exists to benefit society by creating a demand for content creators in the first place. Content creators who don't share their content at all have no benefit to society at all. Now, that's fine if you want to paint masterpieces in your basement - nobody is forcing you to sell it. However, you aren't harmed at all if your masterpiece can be purchased at the local walmart if you weren't ever going to sell it yourself.

      Who is being harmed in this case, and how? And I don't hurt feelings either - I'm talking about loss of some kind that can be measured in things you can see and touch.

    6. Re:Explaining Piracy Figures by the_womble · · Score: 3, Insightful

      Because there is no intrinsic right to control your creation.

      It is a monopoly granted by the state because it is deemed to be for the public good by creating an incentive (see the US constitution) and to ensure that you can share profits others make on your work (one reason for the Statute of Queen Ann).

      If neither of these apply (which it clearly does not in these circumstances) you have just subverted the reason it (copyright) exists in the first place.

    7. Re:Explaining Piracy Figures by Rich0 · · Score: 2, Insightful

      That art has to be made by someone, and it cost money to live, by not paying for art you are depriving the artists of the means to make their art.

      You're not paying them either way - because they aren't accepting payment.

      It doesn't matter if the creator is never selling their art, if you copy it, you are still hurting creators who are selling their art by displacing your need for that type of art from art that is for sale which would support someone, to art that isn't for sale that you stole.

      Now you're arguing that by copying one person's art (which cannot be obtained in any other way) I'm depriving some other artist of income, since I have some desperate need for art and if I couldn't get one for free I'd buy another.

      That is like arguing that every time you download a copy of linux some kitten in Redmond dies.

      Obviously free art reduces the market for paid art. Should we make it illegal to offer one's art for free?

      I just don't see any of this as being a valid arguemnt. In any case, legally it is a simple matter. The artist isn't selling their work, so people pirate it. If the artist has a problem with it they can seek legal recourse in the country in which this is happening. When the artist explains to the court that they don't consider the country important enough to bother selling their work in in the first place, I'm sure that court will be quite eager to throw the book at the poor guy who just wanted some piece of software. Just ask the Canadians how that worked for DirecTV.

      I don't see this as a moral issue at all.

  9. Call me paranoid by MikeyVB · · Score: 3, Interesting

    With recent news about certain Android apps sending private information to whomever created it, I have recently installed DroidWall to filter access (e.g. - Battery meter apps!? Puh-leez!) to my phone's data connection.

    If some app expects me to allow a data connection just to prove I am not a thief, sorry, I won't be buying it! And yes, I do purchase apps that I consider worthy.

    And what happens if someone is abroad? Would they have to pay $20 in roaming charges to play some bubble bobble game for an hour while waiting in some airport?

    1. Re:Call me paranoid by yincrash · · Score: 2, Interesting

      I believe that this doesn't actually require the app to need the Internet permission. I believe it just requests the pay information from the Market app and the Market app uses the Internet, so you'd have to use droidwall to block market's internet access.

  10. Re:"Do no evil" by abigor · · Score: 4, Insightful

    Also, a lot of people disagree with paying for apps as that goes against the purpose and concept of free software (and associated benefits/gains).

    I can't believe people still confuse free as in beer and free as in freedom, despite how many times people point out the difference on here.

    Free software types are not opposed to for-pay software, at all. The two concepts are not related.

  11. Re:"Do no evil" by LainTouko · · Score: 4, Insightful

    The potential evil is one of deceit, it's in colluding with someone who claims to be 'selling' an application, which in reality is programmed to disobey the person deceived into thinking they own it if it can't find this DRM server.

    Using DRM, by itself, is not an issue. It's this refusal to be clear that, by doing so, you've changed 'selling' into a strange form of rental (with incompletely specified conditions) which is the evil bit. If you participate in an activity which looks like selling, but doesn't actually give the 'buyer' the freedoms they get when they buy a useful object normally, that looks like complicity in fraud to me.

    Lots of others may be doing it, but in morality this is no excuse.

  12. Looking at piracy figures... by SuperKendall · · Score: 2, Interesting

    ... now I see why we have always been at war with Oceania - they are apparently stealing all our apps.

    It's pretty amazing the North America piracy figure is so much lower. I wonder if that's the result of a far larger user base in NA? Or are Europeans (where I thought the figure would be similar) just have a more pirate-prone culture?

    It would also be interesting to see beyond this static view, how many users they saw going from pirated to paid. That I think is the key figure to understand if piracy is a problem or a marketing tool.

    --
    "There is more worth loving than we have strength to love." - Brian Jay Stanley
  13. Re:This one has got to be killing the Apple haters by BobMcD · · Score: 2, Insightful

    I think the essential element you're missing is that Andriod's DRM is only an option. Otherwise you'd be right.

  14. Universal Paid Apps by erik.martino · · Score: 2, Insightful

    It is obvious that the piracy level is higher in regions where it is impossible to buy paid apps. For the sake of the application customers, application publishers and the Android ecosystem, please do something about it google. The ratio between paid versus free apps in the Android Market is extremely tilted towards free apps for this very reason. As long as there are countries where it is impossible to buy paid apps for Android there will be people who will pirate and crack the applications.

  15. Re:"Do no evil" by LWATCDR · · Score: 3, Insightful

    "Also, a lot of people disagree with paying for apps as that goes against the purpose and concept of free software (and associated benefits/gains)."

    No you are wrong. You are super wrong. You are full of it.
    If you are talking about GNU/FSF/RMS meaning of the free software.

    It goes against the purpose and concept of free software to us free software.
    As betterunixthanunix points out GNU has no problem with charging for software at all.

    So yes you can pay for free software all you want. To follow the purpose and concept of free software you would disagree with and refrain from using any software that you where not free to distribute and that did not give you the source or at least an offer of the source!

    Not liking DRM is also okay.
    But just taking the software is just being a rotten cheapskate that refuses to pay the developer what the developer thinks his product is worth. And you are violating his rights to license his software how he sees fit.
    In other words your being a jerk when you pirate some $ 1.99 game for you cell phone and being anti free software at the same time.

    --
    See my blog http://ilovecookes.blogspot.com/ for light hearted technical information.
  16. If only Google could actually get it *RIGHT*... by Miamicanes · · Score: 2, Interesting

    There were (at least) two fundamental flaws with the original Android Market protection scheme, neither of which appears to have been rectified by this change (besides possibly to make matters worse for end users):

    * As everyone has already noted, lots of people around the world with Android phones can't actually buy apps from Android Market, EVEN IF they have a Mastercard/Visa/AMEX card with dollar-denominated account. That's just plain fucked.

    * You can't officially purchase and run protected Market apps if your phone is running an unblessed "Developer" kernel. Of course, there's not a single goddamn phone from HTC, Samsung, or Motorola with Google-blessed kernel that has BlueZ Bluetooth HID profile compiled into it, so it's impossible to build your own kernel with it enabled without being formally exiled from 99% of commercial Android apps. At least, unless you crack them. Any DRM scheme that forces legitimate users to crack apps they purchased in order to use them is fundamentally broken, especially when there are still gaping holes in Android phones that need a customer kernel to fix.

    As for "developer's option" whether or not to cache, let's be honest... at least half the developers publishing commercial apps don't have the slightest clue in HELL how to implement a secure caching scheme, and they aren't going to purchase a proprietary one that demands more money up front than they're likely to earn from the app's sale. So, anybody care to guess what's going to happen? Most apps in Market are going to end up checking the server every goddamn time, because the alternatives are too hard/expensive for most Android publishers to deal with. IMHO, Google got THAT part EGREGIOUSLY wrong. They should have distributed the Android DRM module themselves, and made it free & easy for publishers to do cached checking, but left it difficult and minimally-documented how to bypass that caching and check the server every time.

    I love Android. I really do. But it's so incredibly frustrating when Google turns around and fucks things up in ways that CAN'T be fixed by end users with access to Android's sourcecode... usually, mistakes that are almost incomprehensible given the amount of in-house talent and expertise Google has available to it. At times, Google actually manages to make even *Microsoft* look coherent and customer-focused.

    1. Re:If only Google could actually get it *RIGHT*... by KlaymenDK · · Score: 2, Informative

      As for "developer's option" whether or not to cache, let's be honest... at least half the developers publishing commercial apps don't have the slightest clue in HELL how to implement a secure caching scheme, and they aren't going to purchase a proprietary one that demands more money up front than they're likely to earn from the app's sale. So, anybody care to guess what's going to happen? Most apps in Market are going to end up checking the server every goddamn time, because the alternatives are too hard/expensive for most Android publishers to deal with.

      First of all, the devs don't have to implement very much else than an API call ("LicenseChecker.checkAccess()") and supplying code for the two callbacks "allow()" and "dontAllow()". See http://developer.android.com/guide/publishing/licensing.html (yeah, they call it a "licensing service" rather than DRM, no real surprise).

      Second, it's very easy for devs to choose the best (from our point of view) option: you use an instance of either "ServerManagedPolicy" (uses cache fallback) or "StrictPolicy" (insists on connection).

      --
      "Good news, everyone!"
  17. Re:In today's world, libre implies gratis by h4rr4r · · Score: 3, Interesting

    Sell binaries offer only sources as no cost. That will compel most to pay.

  18. Re:"Do no evil" by h4rr4r · · Score: 2, Insightful

    If you could copy one without any impact on Ze Germans who built the one at the lot, I would think you might be able too.

    I would advise you to instead replicate cars people intend to be FREE in that manner, but it would not be anything like stealing a physical car.

  19. Re:"Do no evil" by ScrewMaster · · Score: 3, Informative

    As in you can get the source, change it, compile it, get it to work with your own hardware, and redistribute it.

    Or even improve it.

    --
    The higher the technology, the sharper that two-edged sword.