Google Adds Licensing Server DRM To Android Market

eldavojohn writes "According to AfterDawn, Google has given app makers the option to use a license server as DRM to ensure the user has paid for an app before they can download it. Reportedly, the Market app will communicate with a Google license server using RSA encryption. It is important to note this is only available for non-free apps (built with SDK 1.5 and later), and it was instituted to provide a better solution to the old and widely criticized copy protection scheme that was susceptible to Android app piracy (like sideloading). For better or for worse, Android's Marketplace appears to now have an optional, phone-home form of DRM." Following news of the new licensing service, Hexage Ltd, makers of a popular Android game called Radiant, released the data they had collected on piracy of Radiant over a 10-month period beginning last October. A series of charts shows total users, paid users and the piracy rate, by region.

Paid apps are not available in many countries.

[sbrubblesman]

Maybe if paid apps for android market where available for everywhere, piracy rates would be much smaller. I'd rather google made paid apps available everywhere before they add DRM.

Building up Android

[BassMan449]

I don't fault Google for adding this in. They are trying to build up Android and one part of doing that is by developing a strong development ecosystem around it. The problem is if there is huge piracy numbers it's hard to get money behind developing an app for Android. By giving some businesses a little more comfort, they can help to encourage adoption of the platform as a viable development platform for a business.

Re:Building up Android

[unix1]

This is generally a bad idea:

1. Much of the justification for paid apps when both free and paid are available, is to get rid of the ads and tracking in the free versions (admob, etc. at dev's option). Now, you'll be tracked by Google (again, at developer's option) even for paid apps.

2. There are 2 modes: strict and server managed. Strict mode will always verify license every time you start an app. This is useless when no network connection is available - e.g. on airplane, and gives maximum tracking to Google. Server managed can cache the server response and use the cached response when there's no network connection available. This has 2 problems: (1) from users' perspective: you'll have to pre-open such apps that you'd want to use on a plane before taking off (or going off-roading, camping, hiking, etc.) - for example, you don't usually play a certain game (but you will on a plane), so cached response could have expired - better remember to pre-open and re-cache everything before taking off! Users shouldn't have to deal with this crap. And (2) from developers' perspective: the cached response is stored "obfuscated" locally. The "obfuscation" is an encrypted file with a 20-byte salt. The salt is stored inside the application. This is not secure by design and once broken, useless.

There are better ways, none of which involve a lot of extra tracking by Google. For example, even in this licensing scheme, since the salt stays the same per apk, why not just validate the license at install time, and "cache" the encrypted license forever for that specific apk? Another option - why not encrypt the apk itself, decrypt when run or JIT compiled binaries only. In general, why not implement a generic encrypted storage container that could be used by users, developers, and the OS to securely store any information? This could even be encrypted via an optional user-settable password to an encryption key. This is not rocket science, it's been done everywhere else.

Re:"Do no evil"

[Monkeedude1212]

You know its surprising how much significant financial interest there is in other pathways than the one Google has taken, yet you don't see them abusing it.

Don't get me wrong, everyone has the right and definately should be wary of what Google does being in the position Google is in. (Great power, Great responsibility, blah blah blah).

But giving developers the option to use a DRM server for their priced apps?

Where is the evil in that?

I don't see the problem.

[DWMorse]

At the great risk to my karma, I guess I have to just pipe up and say that I don't see the problem here.

License-server based apps have been selling on various platforms for years. Decades. Android now supports this, adding a little attraction to developers to invest time and money making an application for use on Android. Given the lack of QA on a great many Android apps (can anyone offer an explanation how Facebook for Android is such pure garbage, all jokes about content aside?) I for one see this as a step in the right direction.

Android developers, you now have a piracy deterrent for your applications you would like monetary compensation for creating, and more importantly, maintaining. I fail to see how this is evil and how any of the wry 'do-no-evil-lol' quips are deserved.

Re:"Do no evil"

[betterunixthanunix]

Also, a lot of people disagree with paying for apps as that goes against the purpose and concept of free software

http://www.gnu.org/philosophy/selling.html

Explaining Piracy Figures

[acid06]

You can see in the charts something like 98% piracy in South America.
This happens because... there's no way to buy applications if you're in South America. So, anyone with a paid application here *has* to pirate it.

Re:Explaining Piracy Figures

[tepples]

If you have to infringe because the legitimate publisher doesn't want to take your money, then copyright is failing "To promote the Progress of Science and useful Arts".

Re:Explaining Piracy Figures

[91degrees]

I don't follow.

Of course a publisher has the right not to sell his software. I just don't see that he is harmed if the people he chose not to sell it to pirate a copy. He hasn't lost anything. He still has his copy. He can't claim a lost sale since if the pirate hadn't pirated then there still wouldn't have been a sale.

Why does he have the right to disadvantage everyone else?

Re:Explaining Piracy Figures

[MBCook]

Why is your right to acquire something more important than his right to control his creation?

While someone's right to their own creation is pretty well established (after all, that's the purpose of copyright), where does the idea that people should have to either sell you something or let you take it come from?

It seems like just because something isn't physical (has no marginal cost), people argue that a creator's rights don't apply.

Re:Explaining Piracy Figures

[Rich0]

While someone's right to their own creation is pretty well established (after all, that's the purpose of copyright), where does the idea that people should have to either sell you something or let you take it come from?

Uh, nobody is taking anything from anybody - they're making a copy. The creator still has their creation, and they are completely unharmed.

I'm fine with the purpose of copyright - encouraging the creation of content by giving the creator a limited monopoly on their creation so that they can monetize it and finance the creation. The problem is that in this case no monetization is happening, which means the law has failed to achieve its purpose.

A copyright law that only protected works that were available for sale would be JUST as effective at promoting science and the arts. Indeed, it would be more effective as it would remove the extinction of orphan works. Ditto for a law that limits copyright to some sane duration.

For some reason everybody acts like copyright exists to protect the rights of content creators. It doesn't exist for this purpose at all. It exists to benefit society by creating a demand for content creators in the first place. Content creators who don't share their content at all have no benefit to society at all. Now, that's fine if you want to paint masterpieces in your basement - nobody is forcing you to sell it. However, you aren't harmed at all if your masterpiece can be purchased at the local walmart if you weren't ever going to sell it yourself.

Who is being harmed in this case, and how? And I don't hurt feelings either - I'm talking about loss of some kind that can be measured in things you can see and touch.

Re:Explaining Piracy Figures

[the_womble]

Because there is no intrinsic right to control your creation.

It is a monopoly granted by the state because it is deemed to be for the public good by creating an incentive (see the US constitution) and to ensure that you can share profits others make on your work (one reason for the Statute of Queen Ann).

If neither of these apply (which it clearly does not in these circumstances) you have just subverted the reason it (copyright) exists in the first place.

Call me paranoid

[MikeyVB]

With recent news about certain Android apps sending private information to whomever created it, I have recently installed DroidWall to filter access (e.g. - Battery meter apps!? Puh-leez!) to my phone's data connection.

If some app expects me to allow a data connection just to prove I am not a thief, sorry, I won't be buying it! And yes, I do purchase apps that I consider worthy.

And what happens if someone is abroad? Would they have to pay $20 in roaming charges to play some bubble bobble game for an hour while waiting in some airport?

Re:"Do no evil"

[abigor]

Also, a lot of people disagree with paying for apps as that goes against the purpose and concept of free software (and associated benefits/gains).

I can't believe people still confuse free as in beer and free as in freedom, despite how many times people point out the difference on here.

Free software types are not opposed to for-pay software, at all. The two concepts are not related.

Re:"Do no evil"

[LainTouko]

The potential evil is one of deceit, it's in colluding with someone who claims to be 'selling' an application, which in reality is programmed to disobey the person deceived into thinking they own it if it can't find this DRM server.

Using DRM, by itself, is not an issue. It's this refusal to be clear that, by doing so, you've changed 'selling' into a strange form of rental (with incompletely specified conditions) which is the evil bit. If you participate in an activity which looks like selling, but doesn't actually give the 'buyer' the freedoms they get when they buy a useful object normally, that looks like complicity in fraud to me.

Lots of others may be doing it, but in morality this is no excuse.

Re:"Do no evil"

[LWATCDR]

"Also, a lot of people disagree with paying for apps as that goes against the purpose and concept of free software (and associated benefits/gains)."

No you are wrong. You are super wrong. You are full of it.
If you are talking about GNU/FSF/RMS meaning of the free software.

It goes against the purpose and concept of free software to us free software.
As betterunixthanunix points out GNU has no problem with charging for software at all.

So yes you can pay for free software all you want. To follow the purpose and concept of free software you would disagree with and refrain from using any software that you where not free to distribute and that did not give you the source or at least an offer of the source!

Not liking DRM is also okay.
But just taking the software is just being a rotten cheapskate that refuses to pay the developer what the developer thinks his product is worth. And you are violating his rights to license his software how he sees fit.
In other words your being a jerk when you pirate some $ 1.99 game for you cell phone and being anti free software at the same time.

Re:In today's world, libre implies gratis

[h4rr4r]

Sell binaries offer only sources as no cost. That will compel most to pay.

Re:"Do no evil"

[ScrewMaster]

As in you can get the source, change it, compile it, get it to work with your own hardware, and redistribute it.

Or even improve it.