I use Google LVL and Google Inapp Billing API ver 3 in my java application for Android. Of course, I use the (slightly modified) LVL library project from the Google add-ons and the IAP bank that Google offers.
The LicenseValidator library library in verifyLicense receives a ResponseData with the user ID in it. Google docs say this is a unique user ID representing the google user account used to purchase. Therefore, I assumed (and made sure in the tests) that this is the same line (for example, "ANlOH <...> ppA ==") on all devices where the user is logged in with the same Google account.
So here is my iap purchase protection scheme.
Before buying, the application sends the user ID to my server. It generates an encrypted payload from the user ID and sends it back. The application makes a purchase request and puts a payload into it. The application receives a receipt signed by Google, which has the same payload. The application sends this receipt to my server with the current user ID. The server performs signatures and other checks, compares user identifiers with the payload and sender, and if everything sends the iap application files to the application normally.
In another case, when the user reinstalls the application on this or another device, the application receives receipts belonging to him from InAppBilling, sends them to my server with the current user ID. The server performs the same checks and - if everything is in order - sends all the necessary files to the application.
. Android.
, : , ( ). , ,
, ( ).
Android 4.4.2 google, "".
, Google . :
InAppBillingUtils.getPreferredAccount: com.mypackage.appname: Account from first account - [jbC...FgH]
, LVL , . LogCat:
InAppBillingUtils.pickAccount: smpxg.mythdefdf: Account determined from library ownership - [boL...M5E]
, InAppBilling , LVL ! . , , LVL InAppBilling , , .
, , , . , , "... yUQ" "... ppA", . .
, , FAQ. . , - ! : , , .
iap, , , , . , . , !
AFAIK, InAppBilling user-id google, .
- , iap :)
, Google , , .
, :
- - ?
- , ?
- Ls InAppBilling
? ?
!