Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

In-App Billing Security and Design questions

Tags:

android

security

google-play

in-app-purchase

I have a few questions connected to Android In-App Billing:

  1. Is it possible to make a purchase from non-Market app? I understand that it would be a vulnerability, but I have no opportunity to find out if it's possible or not.

  2. How can I get purchase state for a particular product? As far as I understand it can be done using RESTORE_TRANSACTIONS request, but it's not recommended to use very often. That's not a theoretical problem. My application allows users to buy content using in-app billing. Content can be downloaded from a server, and server must allow content downloading only if it was purchased. But it can't check if content was purchased or not without using signed response from Android Market.

  3. How can I get price and description of an item from Android Market? Seems that I know the answer and it's "there's no way it can be done", but maybe I'm wrong. It would be very useful to have a possibility of retrieving item's price.

It's very interesting to me how you solved/are going to solve these problems in your apps. Answer to any of these questions will be appreciated.

like image 678
Michael Avatar asked Apr 04 '11 09:04

Michael

1 Answers

In order:

1- Nope. The in-app billing process is part of Market. If the app comes from elsewhere, there's no way for Market to verify the origin/authenticity of the application.

2- It's your responsibility to store the purchase state for a particular product. From the doc:

You must set up a database or some other mechanism for storing users' purchase information.

RESTORE_TRANSACTIONS should be reserved for reinstalls or first-time installs on a device.

3- Unfortunately, at this time you're right. File a feature request!

In the meantime, one option is to set up a website with appengine, store listings of all your content & pricing there, and then manually sync prices listed on your appengine server with the updated prices in Market. Then have your Android app pull the data from the AppEngine server. This is much better than hardcoding price values into the app itself, since you don't need to have everyone update the app immediately to see accurate pricing whenever you change something. The only caveat of this method is that if the user is in a different country, in-app billing will display an approximated price in their native currency, and there's no way for you to determine exactly what price will be displayed to them.

Related, One of the Android Developer Advocates is giving a talk on LVL/IAP at IO, called "Evading Pirates and Stopping Vampires using License Verification Library, In-App Billing, and App Engine." - It would definitely be worth your while to watch when they release the session videos on the website.

like image 170
Alexander Lucas Avatar answered Oct 31 '22 19:10

Alexander Lucas
Sign in to Comment

Related questions

Getting error: String reference not set to an instance of a String. Parameter name: s
Digital camera algorithms
How to make sure the numpy BLAS libraries are available as dynamically-loadable libraries?
Redirecting/storing output of shell into GDB variable?
ActiveXObject in Firefox or Chrome (not IE!)
How to find "import name" of any package in Python?
JPA 2.0 native query results as map
c++ less operator overload, which way to use?
AttachConsole(-1), but Console.WriteLine won't output to parent command prompt?
List of JSON search engine APIs without quotas, like Bing? [closed]
setter and getter for an atomic property
How to Track App Usage in Android? How to detect when an activity is launched?

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!