Well, I have read about "developer payload" many times, but I do not clearly understand what "developer payload" is used for. So I am trying to leave it blank, like this:
    public void onUpgradeAppButtonClicked(String SKU) {
        Log.d(TAG, "Upgrade button clicked; launching purchase flow for upgrade.");
        /*
         * TODO: for security, generate your payload here for verification. See
         * the comments on verifyDeveloperPayload() for more info. Since this is
         * a SAMPLE, we just use an empty string, but on a production app you
         * should carefully generate this.
         */
        String payload = "";
        mHelper.launchPurchaseFlow(this, SKU, RC_REQUEST,
                mPurchaseFinishedListener, payload);
    }
And this:
    boolean verifyDeveloperPayload(Purchase p) {
        String payload = p.getDeveloperPayload();
        return true;
    }
So I have made an image for 3 situations. I want to learn what will happen after condition
With versions 2.2 and higher of the Google Play Billing Library, intended use cases that previously relied on developer payload are now fully supported in other parts of the library. With this support in place, we have deprecated developer payload, starting with version 2.2 of the Google Play Billing Library.
Note that your app can continue to retrieve developer payload for purchases made using either previous versions of the library or AIDL. For a detailed list of changes, see the Google Play Billing Library 2.2 release notes and Google Play Billing Library 3.0 release notes.
Methods associated with developer payload have been deprecated in version 2.2 and were removed in version 3.0. Note that your app can continue to retrieve developer payload for purchases made using either previous versions of the library or AIDL.
The application accesses Google Play’s server using an API exposed by the Google Play App installed on a user’s mobile device. The Google Play App processes and conveys all billing details between the app and the Google Play server, so they never communicate directly.
Yes, the most possible shit occurs in scenario 2.
But how many users are in scenario 2? I think there would not be many. Most people don't share their devices.
But I'm thinking about another crack possibility if this payload string is left empty. It would be easy to crack it.
The only thing that makes me mad is that this should be on the Google API side. It is Google's job to verify and make sure who purchased the item. Why do we need our own server?
You should pass in a string token that helps your application to identify the user who made the purchase, so that you can later verify that this is a legitimate purchase by that user.
Think of this as a receipt. If a customer came in and wanted to return an item or warranty, you'd want to be darned sure that receipt wasn't printed at home. Using this token will help prevent fraud.
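The receipt idea from the answer above, as an added example that is not code from the original posts or from the billing library: a payload that is tied to one user and one SKU with an HMAC, so a purchase replayed under another account or sent with an empty payload fails verification. The class name, the key handling (a secret assumed to be held on the developer's server, not in the APK) and the sample user and SKU values are assumptions; user IDs and SKUs are assumed not to contain newlines.

```java
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Base64;

// Hypothetical helper, not part of the billing library or the sample app.
public class DeveloperPayloadExample {
    private static final SecureRandom RNG = new SecureRandom();
    private final byte[] key; // assumption: kept on the developer's server, never shipped in the APK

    public DeveloperPayloadExample(byte[] key) { this.key = key.clone(); }

    private String mac(String data) throws Exception {
        Mac h = Mac.getInstance("HmacSHA256");
        h.init(new SecretKeySpec(key, "HmacSHA256"));
        return Base64.getUrlEncoder().withoutPadding()
                .encodeToString(h.doFinal(data.getBytes(StandardCharsets.UTF_8)));
    }

    // Payload = nonce.tag, where tag authenticates (userId, sku, nonce).
    public String generate(String userId, String sku) throws Exception {
        byte[] n = new byte[16];
        RNG.nextBytes(n);
        String nonce = Base64.getUrlEncoder().withoutPadding().encodeToString(n);
        return nonce + "." + mac(userId + "\n" + sku + "\n" + nonce);
    }

    // True only if the payload was issued for this user and this SKU.
    public boolean verify(String payload, String userId, String sku) throws Exception {
        if (payload == null) return false;
        int dot = payload.indexOf('.');
        if (dot <= 0 || dot == payload.length() - 1) return false; // empty or malformed
        String expected = mac(userId + "\n" + sku + "\n" + payload.substring(0, dot));
        return MessageDigest.isEqual(expected.getBytes(StandardCharsets.UTF_8),
                payload.substring(dot + 1).getBytes(StandardCharsets.UTF_8));
    }

    public static void main(String[] args) throws Exception {
        DeveloperPayloadExample p = new DeveloperPayloadExample(
                "constructed-demo-key".getBytes(StandardCharsets.UTF_8));
        String payload = p.generate("alice", "premium_upgrade"); // constructed sample values
        System.out.println(p.verify(payload, "alice", "premium_upgrade")); // same user
        System.out.println(p.verify(payload, "bob", "premium_upgrade"));   // other user
        System.out.println(p.verify("", "alice", "premium_upgrade"));      // empty payload
    }
}
```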