Please explain me if I'm wrong.
By reading
https://developer.android.com/distribute/tools/open-distribution.html
I see an option for the ones trying to create their own apk files, because they should sign their new apk and is not required to have keys signed by Play Store authority, then they can use any method listed there.
When you install apk apps, they should ask for permissions and is issue of the users to allow or reject, even if they want to install apps from untrusted places. Permissions should not an issue here, they are grant by the user.
With that in mind, you can continue serving your application from Play Store, secured and updated, and your users can download your object files, by login in your site, while he and others have a valid license to use the software, and create and distribute new apk self-signed to others.
Additional issue is to make sure any one trying to use your software behave to connect to a server to authenticate, validating a license or if you install license keys to validate against, like Docs to Go use a second apk Docs to Go Premium Key to enable paid legitimate applications to run.
El 26 jul. 2016 12:35 a. m., "Dov Grobgeld" <dov grobgeld gmail com> escribió:As is explained in the article, a package rebuilt by the user will not be signed with the same digital key as the original play store distributed package. Due to the isolation of packages by android, this user built package will not have access the same areas on the file system as the original package. Therefore it is not a replacement and the conditions of the LGPL have not been fulfilled. In contrast a deb built by a user does not have these restrictions.The only way I see this working is by skipping play store altogether and only distribute object files and instructions for the end users how to build a package on their own. That unfortunately prevents most people's grandmothers from using the application.But then again, IANAL.Regards,DovOn Tue, Jul 26, 2016 at 3:32 AM, Daniel Espinosa <esodan gmail com> wrote:While this article digital signature is the issue, but if you create your own apk file and install in your phone, or any one do the same, with out using Play Store at all what is the difference if you create your own deb package and install in your system or any other use it at his own risk, with out use any Debian official repository?
In order to fulfill LGPL, you should provide a way for your users to download object files and by themselves links and package it with their own version of GLib.