Android Market – Authenticating With LVL From a Server
I have been struggling to work out why validation with the Android Market was succeeding with test accounts but with valid market accounts it was failing using code based on android-market-license-verification.
The issue turned out to be that the response data is stripped after verification.
Signed data comes in looking like this if it’s a TEST EMAIL account:-
0|136040138|com.foo.bar|1|ANlOHQOShF3uJUwv3Ql+fbsgEG9FD35Hag==|123456789012
if it is a genuine MARKET account
0|136040138|com.foo.bar|1|ANlOHQOShF3uJUwv3Ql+fbsgEG9FD35Hag==|123456789012:GR=10&VT=0987654321>=1234567890
When the signed data is validated, the data after the ‘:’ is stripped, so trying to re-validate the data will fail in the case of the market account, and pass in the case of the test email account.
