Decentralized App Store and License Management Using Smart Contracts and Self-Sovereign Identities

Document Type : Research Article


Faculty of Electrical and Computer Engineering, Tarbiat Modares University, Tehran, Iran.


Mobile applications are playing an important role in our digital lives. App stores can be considered key components in the ecosystem of mobile applications. They assist users to ensure the authenticity of applications and protecting the intellectual property rights of application developers. In this paper, we introduce an autonomous decentralized mobile application distribution platform (app store) and a license management solution that utilizes a public blockchain and operates by smart contracts. We identify developers by their decentralized and self-sovereign identities, verify the integrity of the applications according to the secure information on the blockchain, and implement a fully autonomous license management solution by non-fungible tokens (NFT) on the blockchain. We deploy a proof-of-concept implementation of our proposal written in Solidity language on the Ropsten (Ethereum) and RSK testnets, and evaluate its latency and costs. Our comparison with the related works demonstrates that our proposal ranks atop the related works.


[1] W. Martin, F. Sarro, Y. Jia, Y. Zhang, and M. Harman. A Survey of App Store Analysis for Software Engineering. IEEE Transactions on Software Engineering, 43(9):817 -- 847, 2017. [ bib | DOI ]
[2] T. Erdbrink and V. Goel. Apple, Citing U.S. Sanctions, Removes Popular Apps in Iran., Date Accessed: Sep. 2, 2021. [ bib ]
[3] J. Li, A. Grintsvayg, J. Kauffman, and C. Fleming. LBRY: A Blockchain-Based Decentralized Digital Content Marketplace. In 2020 IEEE International Conference on Decentralized Applications and Infrastructures (DAPPS), pages 42--51. IEEE, 2020. [ bib | DOI ]
[4] J. Crussell, C. Gibler, and H. Chen. Attack of the Clones: Detecting Cloned Applications on Android Markets. In European Symposium on Research in Computer Security, page 37–54. Springer, 2012. [ bib | DOI ]
[5] J. Crussell, C. Gibler, and H. Chen. AnDarwin: Scalable Detection of Semantically Similar Android Applications. In European Symposium on Research in Computer Security, page 182–199. Springer, 2013. [ bib | DOI ]
[6] A. Reyna, C. Martín, J. Chen, E. Soler, and M. Díaz. On blockchain and its integration with IoT. Challenges and opportunities. Future Generation Computer Systems, 88:173--190, 2018. [ bib | DOI ]
[7] S. Pech. Copyright Unchained: How Blockchain Technology Can Change the Administration and Distribution of Copyright Protected Works. Nw. J. Tech. & Intell. Prop., 18, 2020. [ bib | DOI ]
[8] K. Thompson. Reflections on Trusting Trust. Communications of the ACM, 27(8):761--763, 1984. [ bib | DOI ]
[9] A. Litchfield and J. Herbert. ReSOLV: Applying Cryptocurrency Blockchain Methods to Enable Global Cross-Platform Software License Validation. Cryptography, 2(2), 2018. [ bib | DOI ]
[10] X. Xu, I. Weber, and M. Staples. Architecture for Blockchain Applications. Springer, 2019. [ bib ]
[11] A. Narayanan, J. Bonneau, E. Felten, A. Miller, and S. Goldfeder. Bitcoin and Cryptocurrency Technologies: A Comprehensive Introduction. Princeton University Press, 2016. [ bib ]
[12] D. Reed, M. Sporny, D. Longley, C. Allen, R. Grant, M. Sabadello, and J. Holt. Decentralized Identifiers (Dids) V1. 0: Core Architecture Data Model and Representations. 2020. DecentralizedIdentifiers(DIDs)v1.0(, Date Accessed: May. 10, 2021. [ bib ]
[13] N. Mohammadzadeh, S. Dorri Nogoorani, and J. Muñoz-Tapia. Decentralized Factoring for Self-Sovereign Identities. Electronics, 10(12), 2021. [ bib | DOI ]
[14] P. Braendgaard and T. Joel. EIP-1056: Ethereum Lightweight Identity., Date Accessed: Sep. 2, 2021. [ bib ]
[15] J. Benet. IPFS - Content Addressed, Versioned, P2P File System. arXiv preprint arXiv:1407.3561, 2014. [ bib | DOI ]
[16] G. S. Mendes, D. Chen, B. M. Silva, C. Serrao, and J. Casal. A Novel Reputation System for Mobile App Stores Using Blockchain. Computer, 54(2):39 -- 49, 2021. [ bib | DOI ]
[17] C. Cassano. Deco.Network Alpha Smart Contracts. https:/, Date Accessed: June. 7, 2022. [ bib ]
[18] B. Ahmad, J. Dujaka, E. Herwin, and N. Sauer. Serverless Software License. Project Report, 2020. [ bib ]
[19] D. Tkachenko. How to Develop an Ethereum Smart Contract for Licensing?, Date Accessed: June. 7, 2022. [ bib ]
[20] V. Stepanova and I. Erinš. Blockchain-Based Model for Software Licensing. In 2019 4th International Conference on System Reliability and Safety (ICSRS), pages 30--34. IEEE, 2019. [ bib | DOI ]
[21] C. Fortin. Master Bitcoin - The Proof of Ownership. Technical Report, 2011. [ bib ]
[22] J. Herbert and A. Litchfield. A Novel Method for Decentralised Peer-to-peer Software License Validation Using Cryptocurrency Blockchain Technology. In Proceedings of the 38th Australasian computer science conference (ACSC 2015). AUT, 2015. [ bib | DOI ]
[23] D. Shabun. Spheris Whitepaper. Technical Report, 2017. [ bib ]
[24] A. Seitz, D. Henze, D. Miehle, B. Bruegge, J. Nickles, and M. Sauer. Fog Computing as Enabler for Blockchain-Based IIoT App Marketplaces - A Case Study. In 2018 Fifth International Conference on Internet of Things: Systems, Management and Security, pages 182--188. IEEE, 2018. [ bib | DOI ]
[25] F. Magnanini, L. Ferretti, and M. Colajanni. Efficient License Management Based on Smart Contracts Between Software Vendors and Service Providers. In 2019 IEEE 18th International Symposium on Network Computing and Applications (NCA), pages 1--6. IEEE, 2019. [ bib | DOI ]
[26] J. Park, S. Lee, G. Kim, and J. Ryou. Decentralized Blockchain-Based Android App Store with P2P File System. In Advances in Computer Science and Ubiquitous Computing, page 525–532. Springer, 2018. [ bib | DOI ]
[27] M. Moharrer Monem and S. D. Nogoorani. A Decentralized App Store Using the Blockchain Technology. In 2020 17th International ISC Conference on Information Security and Cryptology (ISCISC), pages 14--21. IEEE, 2018. [ bib | DOI ]
[28] A. P. Kryukov and A. Demichev. Decentralized Data Storages: Technologies of Construction. Programming and Computer Software, 44(5):303–315, 2018. [ bib | DOI ]
[29] F. Vogelsteller and V. Buterin. EIP-20: Token Standard. Technical Report, 2015. [ bib ]
[30] Android Developers Documentation. App Licensing., Date Accessed: Aug. 17, 2021. [ bib ]
[31] W. Entriken and D. Shirley and J. Evans and N. Sachs. EIP-721: Non-Fungible Token Standard. Technical Report, 2021. [ bib ]