Right now I get a permission violation if I try to access the issue.

Try again now. Garett B. has kindly made it public.

This is necessary! Please add before 2.0 release (if possible).

---

peter9477 wrote:

I think we don't even need a sophisticated API for this.  All PlayBook apps already have an /app/META-INF folder which contains metadata, including the digital signatures and MANIFEST.MF file.

---

I haven't done much playbook development.   Is this a protected folder?

 

What's to keep someone from copying the license files and distributing it with your app?

 

Piracy is a big consideration.

That folder is no more protected than the app's own code, for now.  That means that while it's entirely inaccessible (ignoring rooted tablets) to other apps, it is currently included in the backup data. 

 

There's already a ticket open to improve that situation, but it's a somewhat orthogonal issue in any case because the key is already displayed to users.  Protecting the integrity of the key is a requirement, but it needn't be done by hiding it.

Depending on the degree of protection you want, you would take steps to eliminate the risk of keys being posted online.  The usual approach would involve something like having the key coupled to information about the device, such as the PIN, or possibly to a user through their BBID.

 

App World already has facilities to assist with this, as it is supposed to report PIN and user email (BBID?) and other info to your dynamic license server when it requests a key.  You would record that info, and then allow the app to be "activated" on first launch, by contacting your server and reporting the device PIN or user BBID.

 

A lesser form of protection would be available if you want to use a license pool.  You would still need to activate the app in that case, but you wouldn't need the full license server with the App World interface.  An app would merely report the key and the device/user info to your server, which would register that key as being in use.  Any subsequent attempt to register a different device/user with the same key would imply that key had been published.  You could simply reject the subsequent attempts and the "pirate" wouldn't be able to activate the app.

 

By the way, all the above is analogous to how I understand the situation works on phones right now.  The key is visible to the user, but since several years ago the apps have had programmatic access to get the key, so the user no longer has to copy/paste anything to use it... it happens transparently. 

 

All I'm looking for here is for PB apps to get the same capability or, at the very least or as a stopgap, for the serious usability problems with the current license key support on the PlayBook to be eliminated.  That may be little more than rewording the dialog and allowing the user to copy the key from it in some fashion. (It may be the key is already copied automatically when that dialog is shown, but the user isn't told that, and it's not documented if true.)

Since AppWorld is pretty much the only game in town, wouldn't it be better to skip all this complicated licensing stuff and just allow the developer to make an on device query to AppWorld with an isRegistered() or isTrial() method?

Options like that are probably about equally effective, but may not be as simple to implement. I'd be happy to have any technique though, provided it didn't require that I first educate every new user about how to do something complicated.

My suggested approach (with license.txt) was intended to be something relatively trivial, since it involves only data already known to the App World client, and wouldn't require any change on the App World server. Given how slowly App World server changes are implemented, I thought this approach might get us something sooner....