You should not use PackageManager#getInstallerPackageName to check if the app was installed from Google Play or for licensing purposes for the following reasons:
1) The installer packagename can change in the future. For example, the installer package name use to be "com.google.android.feedback" (see here) and now it is "com.android.vending".
2) Checking the installer packagename for piracy reasons is equivalent to using Base64 to encrypt passwords — it's simply bad practice.
3) Users who legally purchased the app can side-load the APK or restore it from another backup application which doesn't set the correct installer packagename and get a license check error. This will most likely lead to bad reviews.
4) Like you mentioned, pirates can simply set the installer packagename when installing the APK.
You should use App Licensing or switch to In-app Billing.