google play - Limit (Restrict) app installations per account (detemined by unique devices) in Android

Question

I have published an Android app.

Problem is, if someone buys my app, he can install it on several devices using the same account.

Can I limit the installation to a few (let's say 2) unique devices per account?

If the user wants to use it on another device with the same account, he will have to uninstall from another one first.

For example, MyBackup Pro only allows two unique devices.

How can I achieve this in my app?

Answer 1

Google helps you do this.

This page helps you set it up.

More specifically, it looks like you want to add a DeviceLimiter:

In some cases, you might want your Policy to limit the number of actual devices that are permitted to use a single license. This would prevent a user from moving a licensed application onto a number of devices and using the application on those devices under the same account ID. It would also prevent a user from "sharing" the application by providing the account information associated with the license to other individuals, who could then sign in to that account on their devices and access the license to the application.

The LVL supports per-device licensing by providing a DeviceLimiter interface, which declares a single method, allowDeviceAccess(). When a LicenseValidator is handling a response from the licensing server, it calls allowDeviceAccess(), passing a user ID string extracted from the response.

If you do not want to support device limitation, no work is required — the LicenseChecker class automatically uses a default implementation called NullDeviceLimiter. As the name suggests, NullDeviceLimiter is a "no-op" class whose allowDeviceAccess() method simply returns a LICENSED response for all users and devices.

Caution: Per-device licensing is not recommended for most applications because:

It requires that you provide a backend server to manage a users and devices mapping, and It could inadvertently result in a user being denied access to an application that they have legitimately purchased on another device.

The source code for DeviceLimiter can be found here.

The source pretty much explains how you'd go about using DeviceLimiter to implement what you want:

/* The LICENSED response from the server contains a user identifier unique to
 * the <application, user> pair. The developer can send this identifier
 * to their own server along with some device identifier (a random number
 * generated and stored once per application installation,
 * {@link android.telephony.TelephonyManager#getDeviceId getDeviceId},
 * {@link android.provider.Settings.Secure#ANDROID_ID ANDROID_ID}, etc).
 *
 * The more sources used to identify the device, the harder it will be for an
 * attacker to spoof.