Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

What will happen if leave "developer payload" as blank Google Play In-app Billing

Well I have read lots of time about "developer payload" But I am not clearly understand, what for "developer payload" used for. So I am trying to use this as blank like this:

    public void onUpgradeAppButtonClicked(String SKU) {
    Log.d(TAG,"Upgrade button clicked; launching purchase flow for upgrade.");

    /*
     * TODO: for security, generate your payload here for verification. See
     * the comments on verifyDeveloperPayload() for more info. Since this is
     * a SAMPLE, we just use an empty string, but on a production app you
     * should carefully generate this.
     */
    String payload = "";

    mHelper.launchPurchaseFlow(this, SKU, RC_REQUEST,
            mPurchaseFinishedListener, payload);
}

And this:

boolean verifyDeveloperPayload(Purchase p) {
    String payload = p.getDeveloperPayload();
    return true;
}

So I have make a image. for 3 Situations. I want to learn what will happen after condition

enter image description here

like image 948
mehmet Avatar asked Apr 24 '14 11:04

mehmet


People also ask

Is developer payload supported in the Google Play billing library?

With versions 2.2 and higher of the Google Play Billing Library, intended use cases that previously relied on developer payload are now fully supported in other parts of the library. With this support in place, we have deprecated developer payload, starting with version 2.2 of the Google Play Billing Library.

Can I still retrieve developer payload for purchases made using aidl?

Note that your app can continue to retrieve developer payload for purchases made using either previous versions of the library or AIDL. For a detailed list of changes, see the Google Play Billing Library 2.2 release notes . and Google Play Billing Library 3.0 release notes.

What happened to the methods associated with developer payload?

Methods associated with developer payload have been deprecated in version 2.2 and were removed in version 3.0. Note that your app can continue to retrieve developer payload for purchases made using either previous versions of the library or AIDL.

How does Google Play billing work?

The application accesses Google Play’s server using an API exposed by the Google Play App installed on a user’s mobile device. The Google Play App processes and conveys all billing details between the app and the Google Play server, so they never communicate directly.


2 Answers

Yes the most possible shit occurs at scenario 2.

But how many users are on scenario 2? I think it would be not many. Most people don't share their devices.

But I'm thinking about another crack possibility if this payload string left empty. It would be easy to crack it down.

The only thing makes me mad is this thing should be on Google API side. Google's job to verify and make sure who purchased the item. Why we need our own server?

like image 113
stuckedoverflow Avatar answered Sep 25 '22 02:09

stuckedoverflow


You should pass in a string token that helps your application to identify the user who made the purchase, so that you can later verify that this is a legitimate purchase by that user.

Think of this as a receipt. If a customer came in and wanted to return an item or warranty, you'd want to be darned sure that receipt wasn't printed at home. Using this token will help prevent fraud.

like image 35
Andy Avatar answered Sep 22 '22 02:09

Andy