06-26-2011 12:36 PM
I'm curious if anyone is using either pooled or dynamic licensing models in their PlayBook app yet, even if you're completely ignoring it in the app itself.
That is, have you configured the license model for your app in the Vendor Portal to be either of those?
If so, please let me know what the app is so I can buy and download it (preferably not an expensive app ). I'm interested in examining the contents of the app folder in the archive (since RIM has kindly made it trivial to do this) to see whether there is anything in there representing the license key data. (I've checked about 100 apps so far and none have been using these licensing models, but mostly I've only checked free apps.)
If that information is present, it should be possible to retrieve it in the app and use it to "close the loop" on this licensing thing, and to actually start using this mechanism to protect against piracy. That would also make it largely irrelevant that our apps are completely exposed in the backup archives for now. (After all, when was the last time you used software on a PC which you could not examine in detail, if you were so inclined?)
Solved! Go to Solution.
07-20-2011 11:52 AM - edited 07-20-2011 12:13 PM
I just posted my second app for sale. As an experiment related to this thread, I selected the pooled licensing model.
When I downloaded my own app it displayed a dialog showing the license key. That was using the vendor portal sandbox, though clearly it will act the same for regular purchases.
I think the dialog should be rewritten or revised, since it could really scare some people who think it may be their only chance to retrieve the license key. The text in the dialog is not selectable so you cannot copy/paste from it. The text of the dialog almost hints that you may not have another chance to grab the key. It's easy to take a screenshot, of course, but users may not know how to do that, or may not think of it, or may simply forget in the panic of the moment. And clearly, with a key as long as the one I used, nobody would want to record and enter it manually.
Fortunately, once the app is installed, you can find the license key in the My World listing in App World. At least, I could when I first looked there, before exiting App World. Now when I look the key is gone. Bug? No idea yet.
Although it may not be clear from the above, the underline reflects the fact that you can tap-and-hold to show the editing context menu which lets you "Copy All", "Select", "Select All" and whatever... I didn't screenshot it when I had it visible, and now I can't get at it. The "License:" stuff above is no longer visible when I view my app's entry.
I'm going to check the Desktop Manager backup archive next to see whether the key is listed anywhere in there in a manner accessible to our apps.
Edit: note that this was all done using OS 188.8.131.5250. I'm of course unable to compare with 1.0.6 and earlier, but if anyone else has info to share about differences on those versions, please do...
07-20-2011 12:12 PM
07-20-2011 02:50 PM
07-20-2011 03:13 PM
Okay, so I finally found the license key in the PlayBook.
As mentioned earlier, at first I was using my sandbox account to purchase the app, and although the key appears immediately after the download, it doesn't appear to be stored anywhere. (It also matched the license key delivered to the first purchaser of the app, according to the vendor portal Purchase report, but that's a story for another time.)
I disabled my sandbox account and tried again. As mentioned, this time the license key appears each time I run App World, and easily lets me tap on it to copy to the clipboard.
I would not be difficult to have a user do this and paste into a field in my app to activate it, if I were to add such functionality. It may take a bit of training for them to do it, and I could well imagine the support costs could be quite high since many users probably wouldn't have any idea how to follow the instructions. RIM: this really should be improved with an API!
Anyway, I did another DM backup and examined the archive. This time I was able to find the license key in the backup, though it's not in my own app's folder. I won't go into details here... it benefits no one.
I can't see that there's any way for our apps to retrieve this information programmatically, so for now we appear to be dependent on manual user action, which totally sucks but at least gives us a step in the right direction. For an app with enough value to warrant the cost of implementing this and supporting/training/handholding users through the technique of copy/pasting the license key, it's at least technically feasible now to use this as a method for improved copy protection.
07-20-2011 10:08 PM
07-23-2011 12:56 AM
So the test results:
I purchased the app, there was a window with the key, which I couldn't copy or select. However when I opened BB App World after that the key was under the app name and I was able to select and copy it. After that I upgraded my OS to 1.0.7 the key remain listed in BB App World.
01-18-2012 10:11 AM
Note that I've created https://www.blackberry.com/jira/browse/TABLET-429 to request programmatic access to the keys for our apps. That ticket won't be public right away, but please vote for it once it is.
01-24-2012 07:18 AM
01-24-2012 09:41 AM
I'm questioning many things, but at the time was merely trying to see whether anyone else had explored any of this since there were so many problems with it, all noted above. The initial dialog vaguely hints that the user may need to do something, but doesn't say what. Even if they knew they should use copy/paste it won't let them actually copy the key except by writing it down or doing a screenshot (which most won't know how to do). It says nothing about how to actually copy/paste it, if required, and many users would take a while to figure it all out, if they ever could without assistance.
It's a question about usability, overall, since what's there is terribly unusable. I'm certain at least half of PlayBook owners (and probably far more) would have no idea what that dialog is telling them, and they shouldn't have to worry about it.
The anti-piracy aspects are not directly related... there are numerous ways to deal with that, as you've done. I note that your approach would prevent someone from installing the app on two PlayBooks using the same BBID, since you've keyed it to their PIN. What do you do if a customer has one PlayBook fail and replaces it with another, when they reinstall your app?
What if (I realize it's a stretch that this would happen) a PlayBook is sold to someone else, after being wiped, and the new owner decides to install your app? Wouldn't it end up retrieving the previous owner's key from your server? Or is that not a problem, because you're using this mechanism only to disable the app if it's ever side-loaded?