What will happen if leave "developer payload" as blank Google Play In-app Billing

StackOverflow https://stackoverflow.com/questions/23268032

  •  08-07-2023
  •  | 
  •  

Question

Well I have read lots of time about "developer payload" But I am not clearly understand, what for "developer payload" used for. So I am trying to use this as blank like this:

    public void onUpgradeAppButtonClicked(String SKU) {
    Log.d(TAG,"Upgrade button clicked; launching purchase flow for upgrade.");

    /*
     * TODO: for security, generate your payload here for verification. See
     * the comments on verifyDeveloperPayload() for more info. Since this is
     * a SAMPLE, we just use an empty string, but on a production app you
     * should carefully generate this.
     */
    String payload = "";

    mHelper.launchPurchaseFlow(this, SKU, RC_REQUEST,
            mPurchaseFinishedListener, payload);
}

And this:

boolean verifyDeveloperPayload(Purchase p) {
    String payload = p.getDeveloperPayload();
    return true;
}

So I have make a image. for 3 Situations. I want to learn what will happen after condition

enter image description here

Était-ce utile?

La solution

Yes the most possible shit occurs at scenario 2.

But how many users are on scenario 2? I think it would be not many. Most people don't share their devices.

But I'm thinking about another crack possibility if this payload string left empty. It would be easy to crack it down.

The only thing makes me mad is this thing should be on Google API side. Google's job to verify and make sure who purchased the item. Why we need our own server?

Autres conseils

You should pass in a string token that helps your application to identify the user who made the purchase, so that you can later verify that this is a legitimate purchase by that user.

Think of this as a receipt. If a customer came in and wanted to return an item or warranty, you'd want to be darned sure that receipt wasn't printed at home. Using this token will help prevent fraud.

It's not required, but it is advised. According to the docs you can send an empty string, though I'm not sure about null. It's advisable for security reasons though. You can use the payload to verify that the purchase was made by the user that you intended, for instance. See the billing Security Best Practices

Licencié sous: CC-BY-SA avec attribution
Non affilié à StackOverflow
scroll top