Google helps you do this.
This page helps you set it up.
More specifically, it looks like you want to add a DeviceLimiter:
In some cases, you might want your Policy to limit the number of
actual devices that are permitted to use a single license. This would
prevent a user from moving a licensed application onto a number of
devices and using the application on those devices under the same
account ID. It would also prevent a user from "sharing" the
application by providing the account information associated with the
license to other individuals, who could then sign in to that account
on their devices and access the license to the application.
The LVL supports per-device licensing by providing a DeviceLimiter
interface, which declares a single method, allowDeviceAccess(). When a
LicenseValidator is handling a response from the licensing server, it
calls allowDeviceAccess(), passing a user ID string extracted from the
response.
If you do not want to support device limitation, no work is required —
the LicenseChecker class automatically uses a default implementation
called NullDeviceLimiter. As the name suggests, NullDeviceLimiter is a
"no-op" class whose allowDeviceAccess() method simply returns a
LICENSED response for all users and devices.
Caution: Per-device licensing is not recommended for most applications
because:
It requires that you provide a backend server to manage a users and
devices mapping, and It could inadvertently result in a user being
denied access to an application that they have legitimately purchased
on another device.
The source code for DeviceLimiter
can be found here.
The source pretty much explains how you'd go about using DeviceLimiter to implement what you want:
/* The LICENSED response from the server contains a user identifier unique to
* the <application, user> pair. The developer can send this identifier
* to their own server along with some device identifier (a random number
* generated and stored once per application installation,
* {@link android.telephony.TelephonyManager#getDeviceId getDeviceId},
* {@link android.provider.Settings.Secure#ANDROID_ID ANDROID_ID}, etc).
*
* The more sources used to identify the device, the harder it will be for an
* attacker to spoof.
与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…