By

Android Market – Authenticating With LVL From a Server

I have been struggling to work out why validation with the Android Market was succeeding with test accounts but with valid market accounts it was failing using code based on android-market-license-verification.

The issue turned out to be that the response data is stripped after verification.
Signed data comes in looking like this if it’s a TEST EMAIL account:-

if it is a genuine MARKET account

When the signed data is validated, the data after the ‘:’ is stripped, so trying to re-validate the data will fail in the case of the market account, and pass in the case of the test email account.