March 26, 2016

Android Permissions explained:

As a Raccoon user, you’ve probably come across apps that request the permission. It is used exclusively by apps that are sold on Play and pretty much a red flag.

CHECK_LICENSE is not a system permission, but declared by the Play client on your device. Any requesting app intents to ask the Play license server (at undisclosed times) if an account on the device legally purchased it. There is no way of telling when and how often this license check is performed or what will happen exactly when it fails. A poorly done app may require a license check on every start and refuse to operate entirely if it fails, a more user friendly one might only check infrequently and gracefully shut down if it fails subsequently. The exact strategy is completely up to the developer.

What does this mean for you in the bigger picture?

  • You cannot use the app in question on any device without (enabled) Gapps. Gapps comes as a package deal. You may only want Play, but you also get every other Google service including background services like Analytics (user/activity tracking) which you definitely don’t want. In other words: any developer requesting for his app, documents a complete disregard for your privacy.
  • Your ability to use the app in question depends on your network connectivity and it may fail to work at inconvenient times, e.g. while in the subway (no reception) or when on vacation (no roaming plan). A thoughtful developer might handle failing license checks gracefully, but then again, a thoughtful developer wouldn’t use a license server for mobile applications to begin with. Most developers that publish on Play aren’t thoughtful (or skilled for that matter).
  • The app in question is bound to your account, not only as an APK download item in your library, but also as a requirement for it to start. You cannot use it on a borrowed phone. More importantly, you loose it when you loose your account (or have it terminated for whatever reason).
  • The apps you buy become leverage that may be used against you in the future: Google occasionally updates its TOS and privacy statement, giving you the option to either accept the changes or terminate your contract and loose all associated digital goods.

In summary: don’t buy apps that ask for this permission. You might find yourself being in for more than you bargained for. In the very least, you are encouraging bad poor development choices and shady business practices.