At a glance: Protect your apps against unauthorized use by adding the Google License Verification Library (LVL) to handle all license-related communication with Google Play.
Overview
The License Verification Library (LVL) is a library you can add to your apps (downloadable from the Android SDK) that handles all of the licensing-related communication with the Google Play licensing service.
This adds another layer of protection, on top of the Protect360 algorithms, by enabling verification that installs are coming from real Google Play users. This helps reduce discrepancies between the number of installs visible on Google Play and the AppsFlyer dashboard.
The Google Play Licensing service determines whether the user is licensed to use an app or not. Google Play considers users to be licensed if they are recorded purchasers of the app. The license is unique per app and can be used for enhanced protection. Learn more
AppsFlyer's SDK collects the data from the customer side and Protect360 performs the server-side license verification, blocking fraudulent installs that fail verification for both organic and non-organic installs. The “Block reason” you will see in the Protect360 dashboard and reports will be “Bots”.
Set up LVL
Add LVL
Currently, this is a manual process where you'll need to pass the below information to your AppsFlyer CSM so they can add it manually.
To add the LVL:
- Add the LVL library to build.gradle implementation
com.appsflyer:lvl:6.12.3
- Get the app’s Licensing & in-app billing:
From the Google Play Developer Console (Select the app -> Development Tools -> Services and APIs).
Base64-encoded RSA public key
- Pass the above information on to your AppsFlyer CSM.
Test and troubleshoot
When debugging the app, you should be able to see LVL information on the payload that is sent to AppsFlyer, like the example below:
"lvl":{
"ttr":,<ttr>,
"signature":"<signature>",
"signedData":"<signedData>"
}
Work with your support/SDK team in case there is no LVL information on the install message.
Please provide your CSM with the following information:
- public key
- app-id
- minimum app-version the LVL is integrated in
Setup process
Once we get your request, the Protect360 team will configure LVL verification in STAGING mode. At this stage, the system will only report the results of LVL verification internally for AppsFlyer. A couple of days later, we will check our data.
If everything looks good:
- We will set the LVL verification to PRODUCTION mode and it will start blocking traffic.
- The Protect360 team will notify the CSM.
If something isn't right (like if we don't see LVL information on the install events):
- We will leave the LVL verification in STAGING mode.
- Your CSM will notify you and help you troubleshoot the implementation in the app.
FAQ
What if an app is installed from a store other than Google Play?
LVL validation will not verify and not block installs coming from stores other than Google Play.
How much time does it take to get LVL set up?
Once we get the information, it takes a few business days to set up LVL and verify the data. See details about the setup process.
Does LVL affect app functionality?
No, app functionality is not affected.
What is the difference between LVL and GP-referrer?
The license verification using LVL, differs from GP-referrer verification algorithms as the LVL handles license verification for the app itself (license per app), while the GP-referrer is used to get the install's redirection source to the Google Play store with the installed package's referrer URL (the timestamps of when a referrer click happened, when the installation began, the app version, etc.). In short, while LVL is used for checking that the user is licensed to use the app, the GP-referrer is used for verifying that the install details were not forged.