Add an RSA signature to the APP and an RSA signature to the APP
RSA signature. Google is mainly used for APP source control and settlement. The so-called settlement means that the APP can be used only when the Google account logged on from the current machine has downloaded the APP from the Google market, thus achieving app sales.
To add an RSA signature, perform the following steps: 1) Add the License Verification Library (LVL) Library 2). Release a BETA version to the Google Play market. 3) Implement the signature authentication function in the Code and control APP permissions. All of the following operations are completed in Android Studio. Eclipse can be used for reference. I. Add a third-party Library License Verification Library (LVL) Step 1. Download The LVL Library and open Android SDK Manager. Find Google Play LIcensing Library under the Library list Extras. Download it. Now the Lib is stored in android-sdk-windows \ extras \ google \ play_licensing \ library. 2. Add the LVL Library to the project File --- New --- Import Module. Select the LVL library in the SDK. That is, android-sdk-windows \ extras \ google \ play_licensing \ library. If you select the correct option, the Module Name is displayed. You can customize the Lib name. Lvl is defined here. 3. Open the Grade file of the App. Note: It is the Grade File under the App directory. It is generally named build. grade. Add corresponding locations (dependencies)
compile project(':lvl')
4. Click Tools ---- Android ----- Sync Project with Grade Files. Added third-party libraries. Add third-party library method reference: http://www.truiton.com/2015/02/android-studio-add-library-project/ 2. To release a beta version to the Google market, this step is the same as normal release of an App. Only when the APK is uploaded, the Beta version is selected, not the official version. Note: click Publish in the upper-right corner to complete the upload. The test account must be added to the closed test list for the APP to be tested, that is, the Google account currently logged on to the mobile phone must be added to the list. Otherwise, the test cannot be performed. 3. Realize the interaction with the signature server to achieve the control of application permissions. for the official operation method reference: http://developer.android.com/google/play/licensing/adding-licensing.html#impl-Obfuscator and signature server interaction mainly through the LicenseChecker class. The LicenseChecker registers a LicenseCheckerCallback callback to control the APP. Generally, it interacts with the signature server in MainActivity. In mLicenseCheckerCallback, if the APP is successfully authenticated, it continues to go down, otherwise, you will be prompted to exit. The procedure is as follows: 1. Add the App permission
<uses-permission android:name="com.android.vending.CHECK_LICENSE" />
2. Define a 20 random byte array (used by AESObfuscator) and some variables in MainActivity.
private static final String BASE64_PUBLIC_KEY = "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjynFykMkHwAuVkL22mUo3Z2HkTXbtXzjAktR1xrIAudSnWCYWKoAeWsSGccS+KOinEyTK1/aMPbWFhjqUl08AtMAygaukoFD3OltfKan4At99AJH9BxKNWZCLAAilt7jW1+8PoiaintlLHZpyG2c6VqSET2VRyGCFCXzKq9BnnhJqkGxJagSRf43WhFXHl1nueDDDm4DdmGjAegY2loglRbYq9cuqxSGn8T1c/ebYE2IZn+OjtG0/9+ce6WwGabeTyQi3HVcvwerTVYwT8PAzujcX6epvhtL3Jfvp73QEWojR381e8Fpsw+Qvd+2rnSZNphbSY56f/4wg4OhPGG6twIDAQAB";private static final byte[] SALT = new byte[] { 13, 32, 81, 65, 53, 82, 18, 100, -69, -17, 51, 81, -13, 86, -10, -40, 19, 45, 63, -7 };private LicenseChecker mChecker; private LicenseCheckerCallback mLicenseCheckerCallback;
3. Define an internal LicenseCheckerCallback class
private class MyLicenseCheckerCallback implements LicenseCheckerCallback { @Override public void allow(int reason) { // Log.i("RSA", "success Code: " + reason); delayedHide(HIDE_DELAY_MILLIS); } @Override public void applicationError(int errorCode) { // Log.i("RSA", "Error Code: " + errorCode); haveNoLicence(); } @Override public void dontAllow(int reason) { Log.i("RSA", "dontAllow Code: " + reason); if (reason !=Policy.LICENSED){ //not success haveNoLicence(); } }}
In this Callback class, the access return method is dontAllow. Allow is called only when the call is successful. ApplicationError is called only when an error is reported, excluding the absence of license and network errors. So here I am directly executing the method without permission if the authentication is successful. 4. initialize LicenseChecker and LicenseCheckerCallback.
String deviceId = Settings.Secure.getString(getContentResolver(), Settings.Secure.ANDROID_ID);// Library calls this when it's done.mLicenseCheckerCallback = new MyLicenseCheckerCallback();// Construct the LicenseChecker with a policy.mChecker = new LicenseChecker(this, new ServerManagedPolicy(this, new AESObfuscator(SALT, getPackageName(), deviceId)), Constants.RSA_KEY);
5. Access the signature server for verification.
mChecker.checkAccess(mLicenseCheckerCallback);
At this point, the RSA Authentication is completed. Possible problem 1, Error, Error code 3. Because the Google market does not upload the APK. Or the release is not completed yet. If the release has been completed, please wait for approval. It is estimated that the application can pass the review within 24 hours. 2. Switch to a Google account or change the rsa key in the application. If the verification result is different from the Expected One, you need to delete the application and restart the mobile phone for testing. 3. Other error codes are listed as follows:
LICENSED = Hex: 0x0100, Decimal: 256NOT_LICENSED = Hex: 0x0231, Decimal: 561RETRY = Hex: 0x0123, Decimal: 291LICENSED_OLD_KEY = Hex: 0x2, Decimal: 2ERROR_NOT_MARKET_MANAGED = Hex: 0x3, Decimal: 3ERROR_SERVER_FAILURE = Hex: 0x4, Decimal: 4ERROR_OVER_QUOTA = Hex: 0x5, Decimal: 5ERROR_CONTACTING_SERVER = Hex: 0x101, Decimal: 257ERROR_INVALID_PACKAGE_NAME = Hex: 0x102, Decimal: 258 ERROR_NON_MATCHING_UID = Hex: 0x103, Decimal: 259
Source: http://stackoverflow.com/questions/18324963/how-can-i-implement-a-licensing-strategy-for-android/18325731#18325731>