associazione-rousseau / camelot-flutter

Cross platform Flutter application to subscribe and vote on Rousseau.
GNU General Public License v3.0

Android License App Checker - restrict API access #47

Open simone opened 4 years ago

simone commented 4 years ago

In order to restrict the API access only to our Android app, we should implement the server-side license verification. The process is described here: https://developer.android.com/google/play/licensing/server-side-verification

Investigate also "Protect against security threats with SafetyNet": https://developer.android.com/training/safetynet/index.html

The task has 2 phases:

1) Fetch the license information from the Google Store in the mobile app (if the user has effectively downloaded our app from the store).
2) Implement a simple backend (Kotlin or Java) call to verify the license on the Google Store.

Open questions: Can a third-party app ask the store for the license information of our app? Can we detect server-side that the license sent by the "app" (or a fake app) is strictly connected to the device that is sending the request?

Here is the Android Play library to use: https://github.com/google/play-licensing/tree/master/lvl_library/src/main/java/com/google/android/vending/licensing

Note: the native API call should be integrated with Flutter via platform channels: https://flutter.dev/docs/development/platform-integration/platform-channels
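The backend half of phase 2, as an added example that is not part of this issue or of the camelot-flutter code base. The issue proposes Kotlin or Java for the backend; this sketch uses Go's standard library instead so the same logic fits in one self-contained file. It follows what the linked LVL `LicenseValidator` does: the signed-data string has the form `responseCode|nonce|packageName|versionCode|userId|timestamp[:extras]` and the signature is SHA1withRSA (PKCS#1 v1.5) over that string, verifiable with the app's licensing public key from the Play Console. The package name `org.example.camelot` is a placeholder, and `SignAsPlay` with a freshly generated key stands in for Google's server so the example runs offline. The backend-issued nonce that is consumed exactly once is what ties a signed response to one specific request from one client, which is the practical answer to the replay part of the open questions above; it does not by itself identify the device.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha1"
	"encoding/base64"
	"encoding/binary"
	"errors"
	"fmt"
	"strconv"
	"strings"
	"sync"
	"time"
)

// Response codes used by the Play licensing service (see LicenseValidator.java).
const (
	Licensed       = 0
	NotLicensed    = 1
	LicensedOldKey = 2
)

// LicenseResponse holds the fields of the LVL signed-data string
// "responseCode|nonce|packageName|versionCode|userId|timestamp[:extras]".
type LicenseResponse struct {
	ResponseCode int
	Nonce        int64
	PackageName  string
	VersionCode  string
	UserID       string
	Timestamp    int64 // milliseconds since the Unix epoch
}

// ParseSignedData splits the string the way the LVL client does: anything
// after the first ':' is extras, the rest must be exactly six '|' fields.
func ParseSignedData(signed string) (*LicenseResponse, error) {
	body := signed
	if i := strings.Index(signed, ":"); i >= 0 {
		body = signed[:i]
	}
	f := strings.Split(body, "|")
	if len(f) != 6 {
		return nil, fmt.Errorf("expected 6 fields, got %d", len(f))
	}
	code, err := strconv.Atoi(f[0])
	if err != nil {
		return nil, fmt.Errorf("bad response code: %w", err)
	}
	nonce, err := strconv.ParseInt(f[1], 10, 64)
	if err != nil {
		return nil, fmt.Errorf("bad nonce: %w", err)
	}
	ts, err := strconv.ParseInt(f[5], 10, 64)
	if err != nil {
		return nil, fmt.Errorf("bad timestamp: %w", err)
	}
	return &LicenseResponse{code, nonce, f[2], f[3], f[4], ts}, nil
}

// Verifier is the backend state: the app's Play licensing public key, the
// expected package name, and the nonces this backend has issued but not yet seen.
type Verifier struct {
	pub     *rsa.PublicKey
	pkg     string
	maxAge  time.Duration
	mu      sync.Mutex
	pending map[int64]struct{}
}

func NewVerifier(pub *rsa.PublicKey, pkg string, maxAge time.Duration) *Verifier {
	return &Verifier{pub: pub, pkg: pkg, maxAge: maxAge, pending: map[int64]struct{}{}}
}

// IssueNonce returns a fresh random nonce. The app passes it to the LVL
// checkAccess() call so that Play signs it into the response; the backend
// accepts each nonce exactly once, so a captured response cannot be replayed.
func (v *Verifier) IssueNonce() (int64, error) {
	var b [8]byte
	if _, err := rand.Read(b[:]); err != nil {
		return 0, err
	}
	n := int64(binary.BigEndian.Uint64(b[:]) >> 1) // non-negative, fits the LVL int field
	v.mu.Lock()
	v.pending[n] = struct{}{}
	v.mu.Unlock()
	return n, nil
}

// Verify checks the signature first (SHA1withRSA, PKCS#1 v1.5, as the LVL
// library does), then package, nonce, timestamp window and response code.
func (v *Verifier) Verify(signedData, sigB64 string, now time.Time) (*LicenseResponse, error) {
	sig, err := base64.StdEncoding.DecodeString(sigB64)
	if err != nil {
		return nil, fmt.Errorf("signature is not base64: %w", err)
	}
	h := sha1.Sum([]byte(signedData))
	if err := rsa.VerifyPKCS1v15(v.pub, crypto.SHA1, h[:], sig); err != nil {
		return nil, errors.New("signature does not verify against the Play public key")
	}
	r, err := ParseSignedData(signedData)
	if err != nil {
		return nil, err
	}
	if r.PackageName != v.pkg {
		return nil, fmt.Errorf("response is for package %q, not %q", r.PackageName, v.pkg)
	}
	v.mu.Lock()
	_, known := v.pending[r.Nonce]
	delete(v.pending, r.Nonce) // consume it: a second use is a replay
	v.mu.Unlock()
	if !known {
		return nil, errors.New("nonce not issued by this backend, or already used")
	}
	age := now.Sub(time.Unix(0, r.Timestamp*int64(time.Millisecond)))
	if age > v.maxAge || age < -time.Minute { // allow a minute of clock skew
		return nil, fmt.Errorf("response timestamp outside accepted window (%v)", age)
	}
	if r.ResponseCode != Licensed && r.ResponseCode != LicensedOldKey {
		return nil, fmt.Errorf("Play reports response code %d (not licensed)", r.ResponseCode)
	}
	return r, nil
}

// SignAsPlay stands in for Google's licensing server so the example runs
// offline; in production only Google holds the matching private key.
func SignAsPlay(priv *rsa.PrivateKey, signedData string) (string, error) {
	h := sha1.Sum([]byte(signedData))
	sig, err := rsa.SignPKCS1v15(rand.Reader, priv, crypto.SHA1, h[:])
	if err != nil {
		return "", err
	}
	return base64.StdEncoding.EncodeToString(sig), nil
}

func main() {
	priv, _ := rsa.GenerateKey(rand.Reader, 2048) // placeholder for the Play Console key
	v := NewVerifier(&priv.PublicKey, "org.example.camelot", 10*time.Minute)
	nonce, _ := v.IssueNonce()
	now := time.Now()
	data := fmt.Sprintf("0|%d|org.example.camelot|12|user-1|%d", nonce, now.UnixNano()/1e6)
	sig, _ := SignAsPlay(priv, data)
	_, err := v.Verify(data, sig, now)
	fmt.Println("first use:", err) // <nil>: licensed
	_, err = v.Verify(data, sig, now)
	fmt.Println("replay:", err) // rejected, nonce already consumed
}
```

The mobile side (phase 1) only has to forward the `signedData` and `signature` strings it receives from the LVL callback, together with the nonce it obtained from `IssueNonce`, over a platform channel to Dart and then to this endpoint; the app never needs the public key itself.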

bhack commented 4 years ago

https://github.com/g123k/flutter_safetynet_attestation/issues/1

bhack commented 4 years ago

https://pub.dev/packages/flutter_safetynet_attestation