Is it ok to check legality of installing paid android app by checking getInstallerPackageName?

3

7

To ensure that my paid android application was legally installed from store, I write this:

String installer = getPackageManager().getInstallerPackageName(
        "com.example.myapp");

if (installer == null) {
    // app was illegally downloaded from unknown source. 
    // dear user, please re-install it from market
} 
else {
    // app was probably installed legally
    // (also it's good to check actual installer name)
}

Is it ok? Is there a chance that application that is legally purchased and installed from market will get empty installer package name and fail this test?

I understand that user can run adb -i com.fake.installer myapp.apk and pass this check, but it's more important if legal users will get potential problems or not.

Sinistrous answered 18/3, 2016 at 11:36 Comment(0)
11

You should not use PackageManager#getInstallerPackageName to check if the app was installed from Google Play or for licensing purposes for the following reasons:

1) The installer package name can change in the future. For example, the installer package name used to be "com.google.android.feedback" (see here) and now it is "com.android.vending".

2) Checking the installer packagename for piracy reasons is equivalent to using Base64 to encrypt passwords — it's simply bad practice.

3) Users who legally purchased the app can side-load the APK or restore it from another backup application which doesn't set the correct installer packagename and get a license check error. This will most likely lead to bad reviews.

4) Like you mentioned, pirates can simply set the installer packagename when installing the APK.


You should use App Licensing or switch to In-app Billing.

Recalcitrant answered 30/3, 2016 at 4:19 Comment(2)
That last edit suggesting the OP should use App Licensing or In-app Billing is pretty much my answer which I posted earlier. "Fair enough" from you :) - Lauranlaurance
"The installer package name can change in the future" what about this constant? GooglePlayServicesUtilLight.GOOGLE_PLAY_STORE_PACKAGE - Pardoner
6

While getInstallerPackage("com.example.mypackagename") does the trick and basically makes it a little more difficult for "hackers" to still make use of your paid app without actually paying for it, it is true that it is not the best method to prevent this.

What can you do instead?

How license works

This basically ensures that the app has been bought by the user using the phone.

  • Another thing you can do is make your app free and add in-app purchases to it. In your case, just ONE in-app purchase, a one-time subscription. This, in my opinion, is the better solution to this problem, for two reasons:
    1. It solves your original problem, not letting the users use your premium functionalities unless they actually purchase them.
    2. It makes your app more friendly to download. Users can try it before they buy it, and this is always a plus when trying to gain more users.

Of course, there is a downside to this: you have a lot of work if your app's architecture wasn't built around this idea. However, I think it's totally worth it.

Lauranlaurance answered 31/3, 2016 at 10:56 Comment(0)
1

This is a better answer to directly check whether users come from the Play Store or not. But do not block users on this basis, because there are many reasons. You can just verify.

So, I added this code to the app and checked the output in many conditions.

// The package name of the app that has installed your app
final String installer = context.getPackageManager().getInstallerPackageName(context.getPackageName());

Condition 1: I directly install the app from Android Studio during coding (like testing via adb/wire).

Output: null

Condition 2: I build a signed APK and install it on the device

Condition 3: I take a backup of the signed APK in storage and reinstall it

Output (same): com.google.android.apps.nbu.files

Condition 4: I build a signed aab and update it on the Play Store

Output: com.android.vending

Condition 5: I take a backup of the app that was installed from the Play Store in storage and reinstall it

Output: com.google.android.apps.nbu.files

If anyone tests the output in other conditions (for example, the output of a modded app that was downloaded from the Play Store, or users downloading the app from other stores like the Amazon store), then please update the answer.

Tosh answered 10/11, 2023 at 8:28 Comment(0)
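
The "verify, do not block" approach from the answers above, as an added example that is not code from any of the posters: the installer name is read as an advisory signal only, and entitlement is left to App Licensing or In-app Billing. The class name `InstallSource`, the `Kind` enum and the `classify` helper are hypothetical; the package names are the ones reported on this page.

```java
import android.content.Context;
import android.content.pm.PackageManager;
import android.os.Build;

/** Reports the install source as an advisory signal, never as a license gate. */
public final class InstallSource {

    public enum Kind { PLAY_STORE, OTHER_INSTALLER, NONE_RECORDED }

    // Installer name reported for Play Store installs on this page.
    // It has changed before, so treat a match as a hint, not a guarantee.
    private static final String PLAY_STORE = "com.android.vending";

    private InstallSource() {}

    /** Returns the recorded installer package, or null if none is available. */
    public static String installerOf(Context context) {
        PackageManager pm = context.getPackageManager();
        String self = context.getPackageName();
        try {
            if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.R) {
                // API 30+: getInstallerPackageName is deprecated in favour of this call.
                return pm.getInstallSourceInfo(self).getInstallingPackageName();
            }
            return pm.getInstallerPackageName(self);
        } catch (PackageManager.NameNotFoundException | IllegalArgumentException e) {
            return null; // no information; callers must not read this as "pirated"
        }
    }

    /** Pure classification, kept separate so it can be unit tested off-device. */
    public static Kind classify(String installer) {
        if (installer == null || installer.isEmpty()) {
            return Kind.NONE_RECORDED;   // e.g. adb or Android Studio install
        }
        if (PLAY_STORE.equals(installer)) {
            return Kind.PLAY_STORE;
        }
        // e.g. com.google.android.apps.nbu.files after a backup and reinstall,
        // which the page shows also happens to a copy that came from the Play Store
        return Kind.OTHER_INSTALLER;
    }
}
```

Because whoever performs the install can choose the recorded installer name, and a paying user restoring from a backup lands in `OTHER_INSTALLER`, the result is suitable for analytics or a soft prompt, not for refusing to run.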
