I have application which is for paranoic users who used to store their sensitive data in encrypted DB. One of the requirements is that app shouldn’t have any permissions to use IP connection. Everything was fine, until in one nice day I have decided to replace obsolete copy-protection system to new one LVL based. App doesn’t still have permission to use Internet, but anyway through LVL service it should be connected to Android Market and check license validity. Sure I’m caching license and so on, such that app checks license only once – at very first run. But still I couldn’t succeed to explain my users (paranoic ones!) why device must have GPRS/wi-fi enabled to check license validity. It’s too technical and users are refusing to understand its necessity and continue to ask me remove grps/wi-fi connectivity.
Is it possible somehow check license without gprs/wi-fi connectivity?
I mean probably there’s way to check it using SMS?
One possible way is to build a two-app copy-protection scheme. Your real app (the one with the sensitive data) would check the presence of another app on the phone. The secondary app does not contain any sensitive data, but does require the IP connection in order to use LVL.
Obviously, a blank check for the presence of the second app package is not sufficient. The actual mechanism by which the two apps communicate should be a bit more complex. one possible way is to use the AccountManager and create an account which keeps a token created by the second app, which the first app validates. The second app will create that token only after it successfully validated itself through LVL.
However, the user experience around this is far from ideal. It will require the users to download the second app, and run it at least once. Still, it will give enough separation between the licensing mechanism and the sensitive data app, that it might alleviate your users concerns.