14705572
story
Comments: 184 + - Your Rights Online: Google Adds Licensing Server DRM To Android Market on Friday July 30, @04:39PM
background: url(//a.fsdn.com/sd/topics/topiccellphone.gif); width:75px; height:74px;
cellphones
background: url(//a.fsdn.com/sd/topics/topicbusiness.gif); width:64px; height:54px;
business
background: url(//a.fsdn.com/sd/topics/topicgoogle.gif); width:104px; height:38px;
google
background: url(//a.fsdn.com/sd/topics/topicpiracy.png); width:80px; height:75px;
piracy
eldavojohn writes "According to AfterDawn, Google has given app makers the option to use a license server as DRM to ensure the user has paid for an app before they can download it. Reportedly, the Market app will communicate with a Google license server using RSA encryption. It is important to note this is only available for non-free apps (built with SDK 1.5 and later), and it was instituted to provide a better solution to the old and widely criticized copy protection scheme that was susceptible to Android app piracy (like sideloading). For better or for worse, Android's Marketplace appears to now have an optional, phone-home form of DRM."
Following news of the new licensing service, Hexage Ltd, makers of a popular Android game called Radiant, released the data they had collected on piracy of Radiant over a 10-month period beginning last October. A series of charts shows total users, paid users and the piracy rate, by region.
Related Stories
"Is this foreplay?"
"No, this is Nuke Strike. Foreplay has lousy graphics. Beat me again."
-- Duckert, in "Bad Rubber," Albedo #0 (comics)
All trademarks and copyrights on this page are owned by their respective owners. Comments are owned by the Poster. The Rest © 1997-2010 Geeknet, Inc.
Paid apps are not available in many countries. (Score:3, Insightful)
Building up Android (Score:5, Insightful)
I don't fault Google for adding this in. They are trying to build up Android and one part of doing that is by developing a strong development ecosystem around it. The problem is if there is huge piracy numbers it's hard to get money behind developing an app for Android. By giving some businesses a little more comfort, they can help to encourage adoption of the platform as a viable development platform for a business.
Re:Building up Android (Score:4, Insightful)
This is generally a bad idea:
1. Much of the justification for paid apps when both free and paid are available, is to get rid of the ads and tracking in the free versions (admob, etc. at dev's option). Now, you'll be tracked by Google (again, at developer's option) even for paid apps.
2. There are 2 modes: strict and server managed. Strict mode will always verify license every time you start an app. This is useless when no network connection is available - e.g. on airplane, and gives maximum tracking to Google. Server managed can cache the server response and use the cached response when there's no network connection available. This has 2 problems: (1) from users' perspective: you'll have to pre-open such apps that you'd want to use on a plane before taking off (or going off-roading, camping, hiking, etc.) - for example, you don't usually play a certain game (but you will on a plane), so cached response could have expired - better remember to pre-open and re-cache everything before taking off! Users shouldn't have to deal with this crap. And (2) from developers' perspective: the cached response is stored "obfuscated" locally. The "obfuscation" is an encrypted file with a 20-byte salt. The salt is stored inside the application. This is not secure by design and once broken, useless.
There are better ways, none of which involve a lot of extra tracking by Google. For example, even in this licensing scheme, since the salt stays the same per apk, why not just validate the license at install time, and "cache" the encrypted license forever for that specific apk? Another option - why not encrypt the apk itself, decrypt when run or JIT compiled binaries only. In general, why not implement a generic encrypted storage container that could be used by users, developers, and the OS to securely store any information? This could even be encrypted via an optional user-settable password to an encryption key. This is not rocket science, it's been done everywhere else.
Parent
Steam vs. Assassin's Creed 2 (Score:2)
Re: (Score:2)
I don't see the problem. (Score:5, Insightful)
At the great risk to my karma, I guess I have to just pipe up and say that I don't see the problem here.
License-server based apps have been selling on various platforms for years. Decades. Android now supports this, adding a little attraction to developers to invest time and money making an application for use on Android. Given the lack of QA on a great many Android apps (can anyone offer an explanation how Facebook for Android is such pure garbage, all jokes about content aside?) I for one see this as a step in the right direction.
Android developers, you now have a piracy deterrent for your applications you would like monetary compensation for creating, and more importantly, maintaining. I fail to see how this is evil and how any of the wry 'do-no-evil-lol' quips are deserved.
Re: (Score:2)
License-server based apps have been selling on various platforms for years.
How well do license-server based apps work on laptops? And how well would they work on Android device without a cellular radio, something like an Archos 5?
Re: (Score:2)
That's really up to the developer. If I were to use such a service, I'd allow a certain number of executions without validation before validation was required again. For example, if the validation comes back, I save that date to my app database, maybe encrypt it, and run the same check each time it's run. If I don't get a reply for N days (or N runs) then disable the app. It would most likely be easily hacked (cause I'd have to store the value somewhere...) but it would most likely cut out the couch pir
Re: (Score:2)
Sad to say, but Google doesn't care if your Android device isn't a phone. They don't care, they don't "With Google" you or anything. To Google, if it's not a phone, they're not interested.
As for the Archos 5, that thing is so locked down it's practically impossible to root it or customize it, so it's stuck with Android 1.6, which won't support this anyhow
The CPS-2 solution (Score:2)
Even if Google encrypts the binary, it has to be decrypted somehow
Put cryptographic hardware in your CPU, and have it decrypt the binary inside the CPU at instruction cache miss time. The Capcom CPS-2 arcade board did something similar, coupling a crypto-processor and an MC68000 CPU.
Re: (Score:2)
I don't see the problem, provided the app doesn't pop a license check every time it runs. Instead, it should cache the result against the phone's IMEI and some random obfuscation that would take some disassembly of the .apk to yank. When the app runs, if the IMEI is different, it automatically polls the license server and rebuilds the cached value. If it gets back that the user doesn't have that app purchased, it should either work in a demo mode, or point the user to the store to purchase it proper. If
Re: (Score:2)
I agree completely with yourself and the GP. I love my rooted Eris and this is a great way for app makers to try to get paid for their work.
Re: (Score:2)
Well it's not a problem per se, but every bit of DRM that's built into Android chips away at it's status as the "free" alternative to Apple's iOS. We can argue about whether or not that's fair, but it seems to be why people care about news like this.
Explaining Piracy Figures (Score:5, Informative)
You can see in the charts something like 98% piracy in South America.
This happens because... there's no way to buy applications if you're in South America. So, anyone with a paid application here *has* to pirate it.
Re: (Score:2)
Those charts are completely useless as it's impossible to buy Android software in many parts (most?) of Europe as well. Not that I'd want to buy any if everyone starts using this phone-home DRM.
Re: (Score:2)
It doesn't make it any less illegal.
Re:Explaining Piracy Figures (Score:4, Insightful)
Parent
Re: (Score:2, Insightful)
Why doesn't a publisher have a right to choose not to sell somewhere/to someone?
So it's OK to steal it, because you can't buy it? So what if the publisher sells it to one person in South America? It was available, so now it's not OK?
That argument doesn't seem to hold up.
Re: (Score:3, Insightful)
Of course a publisher has the right not to sell his software. I just don't see that he is harmed if the people he chose not to sell it to pirate a copy. He hasn't lost anything. He still has his copy. He can't claim a lost sale since if the pirate hadn't pirated then there still wouldn't have been a sale.
Why does he have the right to disadvantage everyone else?
Re:Explaining Piracy Figures (Score:4, Insightful)
Why is your right to acquire something more important than his right to control his creation?
While someone's right to their own creation is pretty well established (after all, that's the purpose of copyright), where does the idea that people should have to either sell you something or let you take it come from?
It seems like just because something isn't physical (has no marginal cost), people argue that a creator's rights don't apply.
Parent
Re:Explaining Piracy Figures (Score:4, Insightful)
While someone's right to their own creation is pretty well established (after all, that's the purpose of copyright), where does the idea that people should have to either sell you something or let you take it come from?
Uh, nobody is taking anything from anybody - they're making a copy. The creator still has their creation, and they are completely unharmed.
I'm fine with the purpose of copyright - encouraging the creation of content by giving the creator a limited monopoly on their creation so that they can monetize it and finance the creation. The problem is that in this case no monetization is happening, which means the law has failed to achieve its purpose.
A copyright law that only protected works that were available for sale would be JUST as effective at promoting science and the arts. Indeed, it would be more effective as it would remove the extinction of orphan works. Ditto for a law that limits copyright to some sane duration.
For some reason everybody acts like copyright exists to protect the rights of content creators. It doesn't exist for this purpose at all. It exists to benefit society by creating a demand for content creators in the first place. Content creators who don't share their content at all have no benefit to society at all. Now, that's fine if you want to paint masterpieces in your basement - nobody is forcing you to sell it. However, you aren't harmed at all if your masterpiece can be purchased at the local walmart if you weren't ever going to sell it yourself.
Who is being harmed in this case, and how? And I don't hurt feelings either - I'm talking about loss of some kind that can be measured in things you can see and touch.
Parent
Re: (Score:3, Insightful)
That art has to be made by someone, and it cost money to live, by not paying for art you are depriving the artists of the means to make their art.
You're not paying them either way - because they aren't accepting payment.
It doesn't matter if the creator is never selling their art, if you copy it, you are still hurting creators who are selling their art by displacing your need for that type of art from art that is for sale which would support someone, to art that isn't for sale that you stole.
Now you're argui
Re:Explaining Piracy Figures (Score:4, Insightful)
Because there is no intrinsic right to control your creation.
It is a monopoly granted by the state because it is deemed to be for the public good by creating an incentive (see the US constitution) and to ensure that you can share profits others make on your work (one reason for the Statute of Queen Ann).
If neither of these apply (which it clearly does not in these circumstances) you have just subverted the reason it (copyright) exists in the first place.
Parent
Re: (Score:2)
Have the owners reported their missing property?
This happens every time a copyright owner files a DMCA takedown notice.
Re: (Score:2)
If you have to infringe because the legitimate publisher doesn't want to take your money, then copyright is failing "To promote the Progress of Science and useful Arts".
True, but for better or worse, copyright is a property right, too. The publisher has the right to refuse sale to anyone, largely speaking. This wouldn't obviate their other rights, however.
Re: (Score:2)
Re: (Score:3, Insightful)
That depends on the local laws.
Unless something has changed, for example, it is completely legal to intercept DirecTV service in Canada (I know it used to be at least). Why? Simple - DirecTV refused to sell service to Canadians (licensing issues and all that), so Canada just said, well, we won't regard cloning of access cards/etc as theft of service. As a result you can sell cloned smartcards or whatever in your local walmart if you want.
Perhaps that has changed, but the bottom line is that if you refuse
Call me paranoid (Score:4, Interesting)
With recent news about certain Android apps sending private information to whomever created it, I have recently installed DroidWall to filter access (e.g. - Battery meter apps!? Puh-leez!) to my phone's data connection.
If some app expects me to allow a data connection just to prove I am not a thief, sorry, I won't be buying it! And yes, I do purchase apps that I consider worthy.
And what happens if someone is abroad? Would they have to pay $20 in roaming charges to play some bubble bobble game for an hour while waiting in some airport?
Re: (Score:3, Interesting)
Re: (Score:2)
I'm just amazed at the fact you have to install a firewall on your PHONE. What's next, Antivirus and spybot scanners for Driod?
Looking at piracy figures... (Score:2, Interesting)
... now I see why we have always been at war with Oceania - they are apparently stealing all our apps.
It's pretty amazing the North America piracy figure is so much lower. I wonder if that's the result of a far larger user base in NA? Or are Europeans (where I thought the figure would be similar) just have a more pirate-prone culture?
It would also be interesting to see beyond this static view, how many users they saw going from pirated to paid. That I think is the key figure to understand if piracy is a
Universal Paid Apps (Score:2, Insightful)
I'm going where it's safe! (Score:2)
If only Google could actually get it *RIGHT*... (Score:3, Interesting)
There were (at least) two fundamental flaws with the original Android Market protection scheme, neither of which appears to have been rectified by this change (besides possibly to make matters worse for end users):
* As everyone has already noted, lots of people around the world with Android phones can't actually buy apps from Android Market, EVEN IF they have a Mastercard/Visa/AMEX card with dollar-denominated account. That's just plain fucked.
* You can't officially purchase and run protected Market apps if your phone is running an unblessed "Developer" kernel. Of course, there's not a single goddamn phone from HTC, Samsung, or Motorola with Google-blessed kernel that has BlueZ Bluetooth HID profile compiled into it, so it's impossible to build your own kernel with it enabled without being formally exiled from 99% of commercial Android apps. At least, unless you crack them. Any DRM scheme that forces legitimate users to crack apps they purchased in order to use them is fundamentally broken, especially when there are still gaping holes in Android phones that need a customer kernel to fix.
As for "developer's option" whether or not to cache, let's be honest... at least half the developers publishing commercial apps don't have the slightest clue in HELL how to implement a secure caching scheme, and they aren't going to purchase a proprietary one that demands more money up front than they're likely to earn from the app's sale. So, anybody care to guess what's going to happen? Most apps in Market are going to end up checking the server every goddamn time, because the alternatives are too hard/expensive for most Android publishers to deal with. IMHO, Google got THAT part EGREGIOUSLY wrong. They should have distributed the Android DRM module themselves, and made it free & easy for publishers to do cached checking, but left it difficult and minimally-documented how to bypass that caching and check the server every time.
I love Android. I really do. But it's so incredibly frustrating when Google turns around and fucks things up in ways that CAN'T be fixed by end users with access to Android's sourcecode... usually, mistakes that are almost incomprehensible given the amount of in-house talent and expertise Google has available to it. At times, Google actually manages to make even *Microsoft* look coherent and customer-focused.
Re: (Score:3, Informative)
As for "developer's option" whether or not to cache, let's be honest... at least half the developers publishing commercial apps don't have the slightest clue in HELL how to implement a secure caching scheme, and they aren't going to purchase a proprietary one that demands more money up front than they're likely to earn from the app's sale. So, anybody care to guess what's going to happen? Most apps in Market are going to end up checking the server every goddamn time, because the alternatives are too hard/expensive for most Android publishers to deal with.
First of all, the devs don't have to implement very much else than an API call ("LicenseChecker.checkAccess()") and supplying code for the two callbacks "allow()" and "dontAllow()". See http://developer.android.com/guide/publishing/licensing.html [android.com] (yeah, they call it a "licensing service" rather than DRM, no real surprise).
Second, it's very easy for devs to choose the best (from our point of view) option: you use an instance of either "ServerManagedPolicy" (uses cache fallback) or "StrictPolicy" (insists on
Re:"Do no evil" (Score:4, Insightful)
You know its surprising how much significant financial interest there is in other pathways than the one Google has taken, yet you don't see them abusing it.
Don't get me wrong, everyone has the right and definately should be wary of what Google does being in the position Google is in. (Great power, Great responsibility, blah blah blah).
But giving developers the option to use a DRM server for their priced apps?
Where is the evil in that?
Parent
Re:"Do no evil" (Score:5, Insightful)
The potential evil is one of deceit, it's in colluding with someone who claims to be 'selling' an application, which in reality is programmed to disobey the person deceived into thinking they own it if it can't find this DRM server.
Using DRM, by itself, is not an issue. It's this refusal to be clear that, by doing so, you've changed 'selling' into a strange form of rental (with incompletely specified conditions) which is the evil bit. If you participate in an activity which looks like selling, but doesn't actually give the 'buyer' the freedoms they get when they buy a useful object normally, that looks like complicity in fraud to me.
Lots of others may be doing it, but in morality this is no excuse.
Parent
Re:"Do no evil" (Score:5, Informative)
Also, a lot of people disagree with paying for apps as that goes against the purpose and concept of free software
http://www.gnu.org/philosophy/selling.html [gnu.org]
Parent
Paying for apps (Score:3, Informative)
Also, a lot of people disagree with paying for apps as that goes against the purpose and concept of free software (and associated benefits/gains).
Except there are several genres of application that free software developers have so far failed to deliver. I've listed several other as-yet-uncloned apps in this comment [slashdot.org].
Re: (Score:2, Interesting)
almost everything on your list has DRM. However, lets take too it.
Netflix Watch Instantly
DRM and legal constraints enforced by Netflix. You know, silverlight? You can also thank MS for that one.
Adobe Photoshop, including those high-end features that distinguish it from GIMP mods such as GIMPshop
Adobe Flash CS3
Adobe products have equivalents on open source but not necessarily free software - I'd consider gimp equivalent for development, mostly. Don't sit and try to tell me professionals prefer photoshop over
Re:"Do no evil" (Score:5, Insightful)
Also, a lot of people disagree with paying for apps as that goes against the purpose and concept of free software (and associated benefits/gains).
I can't believe people still confuse free as in beer and free as in freedom, despite how many times people point out the difference on here.
Free software types are not opposed to for-pay software, at all. The two concepts are not related.
Parent
Re: (Score:2)
Free software types are not opposed to for-pay software, at all. The two concepts are not related.
I think it's pretty clear that many are, possibly most.
Re:In today's world, libre implies gratis (Score:4, Interesting)
Sell binaries offer only sources as no cost. That will compel most to pay.
Parent
Re: (Score:2)
Also, a lot of people disagree with paying for apps as that goes against the purpose and concept of free software (and associated benefits/gains).
If you want to disagree with paying for apps and agree with the concept of free software, you can use free software.
That doesn't give you the right to rip off developers who don't agree to put stuff under a free license and steal their work.
I agree with the concept of driving a Porsche around, but I'm not allowed to just drive one off the lot.
Re: (Score:3, Insightful)
If you could copy one without any impact on Ze Germans who built the one at the lot, I would think you might be able too.
I would advise you to instead replicate cars people intend to be FREE in that manner, but it would not be anything like stealing a physical car.
Re:"Do no evil" (Score:4, Insightful)
"Also, a lot of people disagree with paying for apps as that goes against the purpose and concept of free software (and associated benefits/gains)."
No you are wrong. You are super wrong. You are full of it.
If you are talking about GNU/FSF/RMS meaning of the free software.
It goes against the purpose and concept of free software to us free software.
As betterunixthanunix points out GNU has no problem with charging for software at all.
So yes you can pay for free software all you want. To follow the purpose and concept of free software you would disagree with and refrain from using any software that you where not free to distribute and that did not give you the source or at least an offer of the source!
Not liking DRM is also okay.
But just taking the software is just being a rotten cheapskate that refuses to pay the developer what the developer thinks his product is worth. And you are violating his rights to license his software how he sees fit.
In other words your being a jerk when you pirate some $ 1.99 game for you cell phone and being anti free software at the same time.
Parent
Re:"Do no evil" (Score:4, Informative)
As in you can get the source, change it, compile it, get it to work with your own hardware, and redistribute it.
Or even improve [cyanogenmod.com] it.
Parent
Re: (Score:3, Insightful)
For those that never wanted to pay for apps that the developers wanted to _sell_.
DRM isn't a requirement here. If two apps exist in an equally functional form and one has DRM while the other doesn't, I know what one I'm picking. If I don't like the DRM, I have a choice to not get DRM'd apps.
It's still consumer choice at this point. Google is just offering a way for developers to DRM their apps if they so choose to do so. If it ends up not being popular, the developers can choose to remove the DRM.
Re: (Score:3, Insightful)
I think the essential element you're missing is that Andriod's DRM is only an option. Otherwise you'd be right.
Re: (Score:2)
Even if you don't keep backups, iTunes keeps a permanent history of your purchases and will let you download any App* you already paid for free if you try to buy it again, on any device tied to the account.