BlackBerry® World™ Development

Contributor
Posts: 13
Registered: ‎03-22-2010
My Device: Old one

Licensing A Blackberry App - dynamic license question

I developed a Blackberry App, which I'm planning to distribute on App World and Mobihand. I'm thinking of using a dynamic licensing scheme, but I'd like to get some details. I saw several messages that post on how App World will be calling my web server to get the license code based on the BlackBerry PIN. I also read that there are APIs from App World that allow you to read values, but I don't see any posts with one picture that describes a sample license screen end-to-end. It would be really beneficial to have one here, maybe with the very basic algorithm (echo the PIN) for example.

 

I'm working with version 4.5.0 of the Blackberry Java API (or earlier).

 

My understanding of the process is:

1) buyer downloads the app. App is locked (trial version)

2) buyer buys the app on app world

    2.1) app world sends the pin (DeviceInfo.getDeviceId()) , user e-mail to my server

    2.2) I send the unlock code back to the App world (via code like

             http://supportforums.blackberry.com/t5/BlackBerry-App-World-Development/Dynamic-license-key/td-p/189...

 

* How do I know that it was App World that asked me for the key and not some site that has hacked my URL?

* How does the end user know about the code? App World has it, but not the user at this point.

* Do people that implement dynamic licensing check the server at random times to see if the license is valid, or is it a one-time thing? In my case, I'd rather avoid any over-the-air traffic, so as not to incur any extra charges for the user who is using a static app.

* Are there any articles, videos, or books that go into detail on the topic?

* Are there any code samples?

 

Thank you,

 

Henry

Developer
Posts: 37
Registered: ‎01-12-2010
My Device: Blackberry 8320

Re: Licensing A Blackberry App - dynamic license question

 


henryn73 wrote:

 

My understanding of the process is:

1) buyer downloads the app. App is locked (trial version)

2) buyer buys the app on app world

    2.1) app world sends the pin (DeviceInfo.getDeviceId()) , user e-mail to my server

    2.2) I send the unlock code back to the App world (via code like

             http://supportforums.blackberry.com/t5/BlackBerry-App-World-Development/Dynamic-license-key/td-p/189...

 

* How do I know that it was App World that asked me for the key and not some site that has hacked my URL?

* How does the end user know about the code? App World has it, but not the user at this point.

* Do people that implement dynamic licensing check the server at random times to see if the license is valid, or is it a one-time thing? In my case, I'd rather avoid any over-the-air traffic, so as not to incur any extra charges for the user who is using a static app.

* Are there any articles, videos, or books that go into detail on the topic?

* Are there any code samples?

 

Thank you,

 

Henry


 

 

henryn73,

I think your process understanding is inaccurate. Read the Dynamic_License_Flow.pdf carefully (http://na.blackberry.com/eng/developers/appworld/Dynamic_License_Flow.pdf). The App World service retrieves the key from your web service during the customer transaction. Upon successful transaction completion, the app world client on the customer device takes care of the download and key installation. When it first starts up, your app should look for the key in the codemodulegroup properties. There are other topics in this forum that explain that (http://supportforums.blackberry.com/t5/BlackBerry-App-World-Development/Dynamic-Licensing-RIM-APP-WO...).

 

re: hacking

This question has been asked many times in this forum. To my knowledge, it has not been answered or adequately addressed by Blackberry. Handango, for instance, includes a signature in the POST data. Another option would be to support SSL. Either seems pretty simple. I don't know why Blackberry ignores this issue.

 

re: checking the license

That is an individual choice and depends on how you want to design the customer experience.

 

Regards, Tooter

Developer
Posts: 76
Registered: ‎03-15-2010
My Device: 9800, 9630

Re: Licensing A Blackberry App - dynamic license question

re: hacking

 

One simple and fairly good (imo) solution, the one I'm using and took from someone (thanks!) on these forums, is to include a unique key value in the URL to your license server. So, instead of calling "http://www.myserver.com/getlicense.php" you call ".../getlicense.php?mycode=XXXXX". This way you can place the code into your app submission, and check for its existence in your own license issuing code. This should prevent someone random from just being able to hit your server with a Blackberry formatted license request. You can change both the variable name and code value at any time you like and for each separate app you release.

 

Is it the best possible answer? Probably not, but it at least adds an extra layer of protection.

 

Jason

www.lcamobile.com
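
The server-side check described in the post above, sketched in Python as an added example (not code from this thread, from BlackBerry or from any poster): the license endpoint rejects requests whose URL lacks the shared `mycode` value, compares it in constant time, and only then derives a per-PIN key. The token and secret values, the `PIN` field name, the 8-hex-digit PIN format and the `key=` response body are assumptions made for illustration.

```python
import hashlib
import hmac
import re
from urllib.parse import parse_qs, urlsplit

# Constructed values for illustration only; neither comes from the thread.
URL_TOKEN = "k3-constructed-url-token"          # the "mycode=XXXXX" value
KEY_SECRET = b"constructed-server-side-secret"  # never leaves the server

TOKEN_PARAM = "mycode"                       # parameter name used in the post
PIN_FIELD = "PIN"                            # hypothetical POST field name
PIN_FORMAT = re.compile(r"[0-9A-Fa-f]{8}")   # assumed PIN encoding


def token_ok(request_url: str) -> bool:
    """True only if the URL carries exactly one token and it matches."""
    query = parse_qs(urlsplit(request_url).query, keep_blank_values=True)
    values = query.get(TOKEN_PARAM, [])
    if len(values) != 1:  # missing or repeated parameter
        return False
    # Constant-time comparison: response timing does not leak the token.
    return hmac.compare_digest(values[0].encode(), URL_TOKEN.encode())


def license_key(pin: str) -> str:
    """Derive a per-device key as HMAC-SHA256 over the normalised PIN."""
    mac = hmac.new(KEY_SECRET, pin.strip().upper().encode(), hashlib.sha256)
    return mac.hexdigest()[:16].upper()


def handle_request(request_url: str, post_body: str) -> tuple[int, str]:
    """Return (HTTP status, response body) for one license request."""
    if not token_ok(request_url):
        return 403, ""  # reveal nothing about the expected request format
    pins = parse_qs(post_body).get(PIN_FIELD, [])
    if len(pins) != 1 or not PIN_FORMAT.fullmatch(pins[0]):
        return 400, ""
    return 200, "key=" + license_key(pins[0])
```

A token carried in the URL is readable by anything that sees the request line (proxies, access logs) when the endpoint is plain HTTP, so it filters casual requests rather than authenticating the caller; serving the endpoint over SSL, as suggested earlier in the thread, keeps the token off the wire.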

Contributor
Posts: 30
Registered: ‎02-27-2010
My Device: Curve 8310

Re: Licensing A Blackberry App - dynamic license question

Hi Henry,

 

You might check out the info at licmax.com. They provide a service for license acquirement and verification including support for App World, Handango and Mobihand. There is some good literature there about how the process works, and code samples on how to make online verifications from your app at runtime.

 

HTH, Posri