Google has pushed out a fix for a critical bug in the Play Store.
The License Verification Library (LVL), a tool utilized by developers to verify licenses for purchased apps, contained the bug. Instead of verifying licenses as per usual, the tool stopped working entirely. Worse yet, many apps would crash or freeze if they couldn’t access the verification.
LVL is an anti-piracy measure. It prevents users from sideloading apps they didn’t pay for. It can also help prevent users from buying an app, extracting its APK, returning it to the store and then reinstalling it via the APK.
The specific issue with LVL concerns a service called the ILicensingService. The service contains the command ‘checkLicense()’ which developers use to check the license on the user’s device. However, because of the bug the ‘checkLicense()’ can’t be called.
The bug first showed up in Play Store version 10.7.17 and is still present in version 10.7.18. With update 10.7.19 — available now — restores functionality of ILicensingService and checkLicense().
Thankfully Google fixed the issue. For a time, developers had to choose one of a few less-than-ideal situations. The first option was asking users to downgrade their Play Store to 10.6, or remain on 10.6. However, there’s no way for app developers to enforce that on a large scale.
Alternatively, developers can avoid having the app check for a license by forcing it into either a licensed or unlicensed state. However, assuming every user has a license encourages piracy. If developers assume no users have licenses, then paid users lose out on features they’ve paid for. There is no good solution to the problem.
The bug was reported to Google via the company’s issue tracker over the weekend. It’s good to see Google moving so quickly to fix those issues once they’re brought to its attention.
Source: Android Police