The task has 2 phases:
1) Fetch the License information from the Google Store (if the user has effectively downloaded our app from the store by the mobile app.
2) implement a simple backend (Kotlin or Java) call to verify the license on the google store.
Open questions:
Can a third-party app asks to the store the license information of our app?
Can we detect server site that the license sent by the "app" (of a fake app) is strictly connected to the device that is sending the request?
Io order to restrict the API access only to our android app, we should implement the server side license verification. The process is described here: https://developer.android.com/google/play/licensing/server-side-verification
Investigate also the Protect against security threats with SafetyNet https://developer.android.com/training/safetynet/index.html
The task has 2 phases: 1) Fetch the License information from the Google Store (if the user has effectively downloaded our app from the store by the mobile app. 2) implement a simple backend (Kotlin or Java) call to verify the license on the google store.
Open questions: Can a third-party app asks to the store the license information of our app? Can we detect server site that the license sent by the "app" (of a fake app) is strictly connected to the device that is sending the request?
Here the Android Play Library to use: https://github.com/google/play-licensing/tree/master/lvl_library/src/main/java/com/google/android/vending/licensing
Note: The Native API call should be integrated with flutter https://flutter.dev/docs/development/platform-integration/platform-channels