Google Adds Licensing Server DRM To Android Market

eldavojohn writes "According to AfterDawn, Google has given app makers the option to use a license server as DRM to ensure the user has paid for an app before they can download it. Reportedly, the Market app will communicate with a Google license server using RSA encryption. It is important to note this is only available for non-free apps (built with SDK 1.5 and later), and it was instituted to provide a better solution to the old and widely criticized copy protection scheme that was susceptible to Android app piracy (like sideloading). For better or for worse, Android's Marketplace appears to now have an optional, phone-home form of DRM." Following news of the new licensing service, Hexage Ltd, makers of a popular Android game called Radiant, released the data they had collected on piracy of Radiant over a 10-month period beginning last October. A series of charts shows total users, paid users and the piracy rate, by region.

This is actually not a bad thing...

[Anonymous Coward]

If I had to choose between an app checking to see if the user purchased this from the Android store, or DRM schemes using various encryption techniques, remotely pushed keys, daemons that would disable Google accounts if they detected a phone was rooted, I'll take the simple API calls.

Paid apps are not available in many countries.

[sbrubblesman]

Maybe if paid apps for android market where available for everywhere, piracy rates would be much smaller. I'd rather google made paid apps available everywhere before they add DRM.

Building up Android

[BassMan449]

I don't fault Google for adding this in. They are trying to build up Android and one part of doing that is by developing a strong development ecosystem around it. The problem is if there is huge piracy numbers it's hard to get money behind developing an app for Android. By giving some businesses a little more comfort, they can help to encourage adoption of the platform as a viable development platform for a business.

Re:"Do no evil"

[Monkeedude1212]

You know its surprising how much significant financial interest there is in other pathways than the one Google has taken, yet you don't see them abusing it.

Don't get me wrong, everyone has the right and definately should be wary of what Google does being in the position Google is in. (Great power, Great responsibility, blah blah blah).

But giving developers the option to use a DRM server for their priced apps?

Where is the evil in that?

I don't see the problem.

[DWMorse]

At the great risk to my karma, I guess I have to just pipe up and say that I don't see the problem here.

License-server based apps have been selling on various platforms for years. Decades. Android now supports this, adding a little attraction to developers to invest time and money making an application for use on Android. Given the lack of QA on a great many Android apps (can anyone offer an explanation how Facebook for Android is such pure garbage, all jokes about content aside?) I for one see this as a step in the right direction.

Android developers, you now have a piracy deterrent for your applications you would like monetary compensation for creating, and more importantly, maintaining. I fail to see how this is evil and how any of the wry 'do-no-evil-lol' quips are deserved.

Re:Looks like...

[rotide]

For those that never wanted to pay for apps that the developers wanted to _sell_.

DRM isn't a requirement here. If two apps exist in an equally functional form and one has DRM while the other doesn't, I know what one I'm picking. If I don't like the DRM, I have a choice to not get DRM'd apps.

It's still consumer choice at this point. Google is just offering a way for developers to DRM their apps if they so choose to do so. If it ends up not being popular, the developers can choose to remove the DRM.

Re:"Do no evil"

[bonch]

it has more to do with catering to legacy companies who think that they can somehow combat piracy. In reality, costs go down significantly over time for ongoing software development, so even if a small subset of the folks pirating slowly convert over time you're only going to continue to make more and more money.

[citation needed]

Also, a lot of people disagree with paying for apps as that goes against the purpose and concept of free software (and associated benefits/gains).

Those people would be ideologues. If ideology is that important to them, they shouldn't be using Android anyway because it's not an open platform [projectgus.com].

Re:"Do no evil"

[abigor]

Also, a lot of people disagree with paying for apps as that goes against the purpose and concept of free software (and associated benefits/gains).

I can't believe people still confuse free as in beer and free as in freedom, despite how many times people point out the difference on here.

Free software types are not opposed to for-pay software, at all. The two concepts are not related.

Re:Explaining Piracy Figures

[tepples]

If you have to infringe because the legitimate publisher doesn't want to take your money, then copyright is failing "To promote the Progress of Science and useful Arts".

Re:"Do no evil"

[LainTouko]

The potential evil is one of deceit, it's in colluding with someone who claims to be 'selling' an application, which in reality is programmed to disobey the person deceived into thinking they own it if it can't find this DRM server.

Using DRM, by itself, is not an issue. It's this refusal to be clear that, by doing so, you've changed 'selling' into a strange form of rental (with incompletely specified conditions) which is the evil bit. If you participate in an activity which looks like selling, but doesn't actually give the 'buyer' the freedoms they get when they buy a useful object normally, that looks like complicity in fraud to me.

Lots of others may be doing it, but in morality this is no excuse.

Re:Explaining Piracy Figures

[MBCook]

Why doesn't a publisher have a right to choose not to sell somewhere/to someone?

So it's OK to steal it, because you can't buy it? So what if the publisher sells it to one person in South America? It was available, so now it's not OK?

That argument doesn't seem to hold up.

Re:This one has got to be killing the Apple haters

[BobMcD]

I think the essential element you're missing is that Andriod's DRM is only an option. Otherwise you'd be right.

Re:Explaining Piracy Figures

[91degrees]

I don't follow.

Of course a publisher has the right not to sell his software. I just don't see that he is harmed if the people he chose not to sell it to pirate a copy. He hasn't lost anything. He still has his copy. He can't claim a lost sale since if the pirate hadn't pirated then there still wouldn't have been a sale.

Why does he have the right to disadvantage everyone else?

Re:Building up Android

[unix1]

This is generally a bad idea:

1. Much of the justification for paid apps when both free and paid are available, is to get rid of the ads and tracking in the free versions (admob, etc. at dev's option). Now, you'll be tracked by Google (again, at developer's option) even for paid apps.

2. There are 2 modes: strict and server managed. Strict mode will always verify license every time you start an app. This is useless when no network connection is available - e.g. on airplane, and gives maximum tracking to Google. Server managed can cache the server response and use the cached response when there's no network connection available. This has 2 problems: (1) from users' perspective: you'll have to pre-open such apps that you'd want to use on a plane before taking off (or going off-roading, camping, hiking, etc.) - for example, you don't usually play a certain game (but you will on a plane), so cached response could have expired - better remember to pre-open and re-cache everything before taking off! Users shouldn't have to deal with this crap. And (2) from developers' perspective: the cached response is stored "obfuscated" locally. The "obfuscation" is an encrypted file with a 20-byte salt. The salt is stored inside the application. This is not secure by design and once broken, useless.

There are better ways, none of which involve a lot of extra tracking by Google. For example, even in this licensing scheme, since the salt stays the same per apk, why not just validate the license at install time, and "cache" the encrypted license forever for that specific apk? Another option - why not encrypt the apk itself, decrypt when run or JIT compiled binaries only. In general, why not implement a generic encrypted storage container that could be used by users, developers, and the OS to securely store any information? This could even be encrypted via an optional user-settable password to an encryption key. This is not rocket science, it's been done everywhere else.

Universal Paid Apps

[erik.martino]

It is obvious that the piracy level is higher in regions where it is impossible to buy paid apps. For the sake of the application customers, application publishers and the Android ecosystem, please do something about it google. The ratio between paid versus free apps in the Android Market is extremely tilted towards free apps for this very reason. As long as there are countries where it is impossible to buy paid apps for Android there will be people who will pirate and crack the applications.

Re:"Do no evil"

[LWATCDR]

"Also, a lot of people disagree with paying for apps as that goes against the purpose and concept of free software (and associated benefits/gains)."

No you are wrong. You are super wrong. You are full of it.
If you are talking about GNU/FSF/RMS meaning of the free software.

It goes against the purpose and concept of free software to us free software.
As betterunixthanunix points out GNU has no problem with charging for software at all.

So yes you can pay for free software all you want. To follow the purpose and concept of free software you would disagree with and refrain from using any software that you where not free to distribute and that did not give you the source or at least an offer of the source!

Not liking DRM is also okay.
But just taking the software is just being a rotten cheapskate that refuses to pay the developer what the developer thinks his product is worth. And you are violating his rights to license his software how he sees fit.
In other words your being a jerk when you pirate some $ 1.99 game for you cell phone and being anti free software at the same time.

Re:"Do no evil"

[h4rr4r]

If you could copy one without any impact on Ze Germans who built the one at the lot, I would think you might be able too.

I would advise you to instead replicate cars people intend to be FREE in that manner, but it would not be anything like stealing a physical car.

Re:Explaining Piracy Figures

[MBCook]

Why is your right to acquire something more important than his right to control his creation?

While someone's right to their own creation is pretty well established (after all, that's the purpose of copyright), where does the idea that people should have to either sell you something or let you take it come from?

It seems like just because something isn't physical (has no marginal cost), people argue that a creator's rights don't apply.

Re:Explaining Piracy Figures

[Rich0]

That depends on the local laws.

Unless something has changed, for example, it is completely legal to intercept DirecTV service in Canada (I know it used to be at least). Why? Simple - DirecTV refused to sell service to Canadians (licensing issues and all that), so Canada just said, well, we won't regard cloning of access cards/etc as theft of service. As a result you can sell cloned smartcards or whatever in your local walmart if you want.

Perhaps that has changed, but the bottom line is that if you refuse to actually provide a service in some country, don't expect that country's government to do much to protect your non-existent market.

Re:Explaining Piracy Figures

[Rich0]

While someone's right to their own creation is pretty well established (after all, that's the purpose of copyright), where does the idea that people should have to either sell you something or let you take it come from?

Uh, nobody is taking anything from anybody - they're making a copy. The creator still has their creation, and they are completely unharmed.

I'm fine with the purpose of copyright - encouraging the creation of content by giving the creator a limited monopoly on their creation so that they can monetize it and finance the creation. The problem is that in this case no monetization is happening, which means the law has failed to achieve its purpose.

A copyright law that only protected works that were available for sale would be JUST as effective at promoting science and the arts. Indeed, it would be more effective as it would remove the extinction of orphan works. Ditto for a law that limits copyright to some sane duration.

For some reason everybody acts like copyright exists to protect the rights of content creators. It doesn't exist for this purpose at all. It exists to benefit society by creating a demand for content creators in the first place. Content creators who don't share their content at all have no benefit to society at all. Now, that's fine if you want to paint masterpieces in your basement - nobody is forcing you to sell it. However, you aren't harmed at all if your masterpiece can be purchased at the local walmart if you weren't ever going to sell it yourself.

Who is being harmed in this case, and how? And I don't hurt feelings either - I'm talking about loss of some kind that can be measured in things you can see and touch.

Re:Explaining Piracy Figures

[the_womble]

Because there is no intrinsic right to control your creation.

It is a monopoly granted by the state because it is deemed to be for the public good by creating an incentive (see the US constitution) and to ensure that you can share profits others make on your work (one reason for the Statute of Queen Ann).

If neither of these apply (which it clearly does not in these circumstances) you have just subverted the reason it (copyright) exists in the first place.

Re:Explaining Piracy Figures

[Rich0]

That art has to be made by someone, and it cost money to live, by not paying for art you are depriving the artists of the means to make their art.

You're not paying them either way - because they aren't accepting payment.

It doesn't matter if the creator is never selling their art, if you copy it, you are still hurting creators who are selling their art by displacing your need for that type of art from art that is for sale which would support someone, to art that isn't for sale that you stole.

Now you're arguing that by copying one person's art (which cannot be obtained in any other way) I'm depriving some other artist of income, since I have some desperate need for art and if I couldn't get one for free I'd buy another.

That is like arguing that every time you download a copy of linux some kitten in Redmond dies.

Obviously free art reduces the market for paid art. Should we make it illegal to offer one's art for free?

I just don't see any of this as being a valid arguemnt. In any case, legally it is a simple matter. The artist isn't selling their work, so people pirate it. If the artist has a problem with it they can seek legal recourse in the country in which this is happening. When the artist explains to the court that they don't consider the country important enough to bother selling their work in in the first place, I'm sure that court will be quite eager to throw the book at the poor guy who just wanted some piece of software. Just ask the Canadians how that worked for DirecTV.

I don't see this as a moral issue at all.