I'd like some advice on how to secure my application server-side interface.
I want to make sure that only people who bought my application can use it, and the server-side web interface that it relies on.
My thoughts are similar to others who use the phone number and device ID, but it seems not as secure as I'd like and I'm not sure that I will be able to verify each phone number or device as a paying customer.
Does anyone know if that information is provided to the developer after a completed purchase in the Android Market?
I could force users to set up an account on my server and validate themselves I guess.
I'm also considering shared secret type architectures, but really I need some advice from the experienced developers here.