Wednesday, July 28, 2010

App Licensing

Google took an interesting step recently by adding a service called App Licensing to the Android SDK. I haven't looked at it in detail, but the gist of it is that it's a license validation system for third party apps. It allows third party apps to check with the Android Marketplace to see if it's authorized to run on the particular device. To simplify it beyond recognition: It's sort of like Steam for Android Apps.

This is a bit of a double-edged sword for Google, though. Steam-style online authentication isn't exactly warmly embraced by the proponents of "open" systems, but given how easy it is to pirate applications downloaded from the Android Marketplace (and then return them for a refund!), it's probably a necessary step to attract developers to the platform. Google has to at least look like they're trying to stop the rampant piracy.

But here's the thing: With an open source OS, I can think of a dozen different ways to try and circumvent something like this, and I'm hardly a 1337 hacker. Google can add complexity and make it harder to circumvent, but if someone with the right skills has full access and control over the hardware and software, you can't stop them from getting around any kind of licensing authentication scheme you create. It's like DRM. Within a few months (at most), there'll be an exploit or hack to allow pirated Marketplace apps that use App Licensing to be run without a license. I can almost guarantee it. Google can keep changing the process to fight the pirates, but it's a losing battle, and likely would entail a lot of inconvenience to developers in the process.

This is one area where a closed system has advantages. For us iPhone developers, only about 10% of our potential audience can possibly pirate our apps because pirating requires jailbreaking. That 10% is the starting point. The most it can be. Jailbraking is a quid pro quo, so 90% of our potential market can't, won't, or wouldn't know how to pirate an app. But the real number is even smaller than that. Not everybody who jailbreaks their phone pirates apps - there are other valid reasons to jailbreak (so I'm told, I've never been tempted myself) - and I know people who have jailbroken their phones who are ethical and wouldn't consider pirating an app.

There's no doubt that there are advantages to "open" systems, but there are also disadvantages. In this particular case, one of the most major drawbacks of "open" doesn't hurt Google or the Wireless providers, it hurts third party developers. If that wasn't true, Google wouldn't be devoting engineering hours to try and stop it with 'app licensing'.

Life as an iPhone Dev has it's problems, no doubt. When you have an app sitting in review for months, the way Briefs has been, when you get rejected on seemingly arbitrary or inconsistent grounds, or when you can't implement something that would benefit your users because of a term in the license agreement, it sucks. But, when all is said and done, a good app on the App Store properly promoted can make enough money for a development team to live on. Until that can be said about the "open" Android Marketplace, I simply can't buy into the "open is better" mantra.

If a curated platform offers a better user experience and allows third party developers to actually make money, I just don't see "curated" as a dirty word, no matter how many times Google's Android Evangelist tweets it.


Michael said...

Plus one issue is that this would require all apps to have network at the time of launch.

One thing Apple reviewers always do is to test whether the app launches/handles the situation of no network availability. So what do Google do?

Well by all accounts they are caching a token on the device but that's just another item for a hacker to target.

Jack Axe said...


I love the iPhone technical stuff on your blog but the Android hate posts are getting a bit old. Let me see if I understand the gist of your argument:

- In order to pirate Android apps that use this new licensing scheme, you have to root your phone, boot it in recovery, install a custom rom that circumvents this, and then find the app to install it.

- In order to pirate in iOS, you need to download Spirit, click 1 button, and then download all the apps you want.

Your conclusion seems to be "therefore iOS is better".

Piracy is an issue that Apple needs to deal with, and it's not. Their scheme hasn't changed 1 bit since it was first compromised YEARS ago. At least Google is trying to do something about piracy, credit where credit is due.

Jack Axe said...

Sorry to repost, but after reading about how the Android scheme works your article is even further from the mark. In order to compromise an app you would have to compromise the RSA keys of both Google and the individual developer (or hack apps on an individual basis to bypass this check). On a side note, the security of a system doesn't come from being through obscurity is no security at all. By way of example SSH/SFTP/HTTPS has been an open and well understood scheme for years and years...being open has only made it better! Apple does a lot of things right, having a closed ecosystem where I can't load an app I write on my own device without paying them more money isn't one of them.

miguel said...

What Jack Axe said.

Google's previous system was glaringly bad and had to be fixed, the new system is a major improvement. It will be circumvented, as the iPhone's has been, but the only hope for these types of systems is to discourage casual pirating, this new scheme will hopefully accomplish that.

isaac said...

@ Jack Axe .... they're hardly Android hate posts, as someone who develops with iOS it's perfectly reasonable for Jeff to comment/compare/contrast, and I don't see how this is anything more. You do raise some fair points on the technical details, which are well taken, but I don't see them as Apple-hate either.

Regarding what Apple needs to do about piracy, I'm in complete agreement with Jeff. It isn't a big issue. That doesn't mean it should be ignored (which I'm sure it isn't being), but it's not a top priority, because it's not a top problem in the legitimate eco-system.

At the end of the day, I don't think Apple really cares that much about jailbroken iPhones, or the pirated software that may or may not run on them.

家唐銘 said...


Henrik said...

I can only agree with Jack Axe. I find the Apple related posts interesting to read, but I tend to get slightly annoyed when I read those that bring up things about Android. Worth mentioning is that while I feel this way about the posts, I do have a couple of Apple products and no Android devices, so I feel I'm not biased towards Android myself.

Susi Cox said...

Latest reviews and news about android phones, free droid app and android mobile

free droid app

SEO Services Consultants said...

Nice information, many thanks to the author. It is incomprehensible to me now, but in general, the usefulness and significance is overwhelming. Thanks again and good luck! Web Design Company