What happens if you leave the “developer payload” empty in Google Play In-app billing?

Well, I read about the "developer payload" many times. But I do not quite understand what the "developer payload" is used for. So I am trying to use this as empty:

    public void onUpgradeAppButtonClicked(String SKU) {
        Log.d(TAG, "Upgrade button clicked; launching purchase flow for upgrade.");
        /*
         * TODO: for security, generate your payload here for verification. See
         * the comments on verifyDeveloperPayload() for more info. Since this is
         * a SAMPLE, we just use an empty string, but on a production app you
         * should carefully generate this.
         */
        String payload = "";
        mHelper.launchPurchaseFlow(this, SKU, RC_REQUEST, mPurchaseFinishedListener, payload);
    }

And this:

    boolean verifyDeveloperPayload(Purchase p) {
        String payload = p.getDeveloperPayload();
        return true;
    }

So, I made an image for 3 situations. I want to know what happens after the condition.


+7
android in-app-billing
3 answers

Yes, the most likely crap happens in scenario 2.

But how many users are in scenario 2? I think this will not be so much. Most people do not share their devices.

But I'm thinking of another hacking option if this payload line is left blank. It would be easy to crack it.

The only thing that makes me angry is that it should be on the side of the Google API. Google should check and make sure who purchased the goods. Why do we need our own server?

+5

You must pass a string token that will help your application identify the user who made the purchase so that you can later verify that this is a legitimate purchase for that user.

Think of it as receipts. If a customer came and wanted to return a product or a guarantee, you need to be sure that the receipt was not printed at home. Using this token will help prevent fraud.

+2

This is not required, but recommended. According to the docs, you can send an empty string, although I'm not sure about zero. However, this is useful for security reasons. You can use the payload to make sure that the purchase was made by the user you intended, for example. See Payment Details Security Recommendations.

+1
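One way to replace the empty payload and the unconditional `return true` discussed in this thread, as an added example that is not part of the original posts or of the Google Play sample code. The class name `PayloadBinder`, the key, and the user and SKU values are assumptions made for illustration; the key is assumed to live on a server the developer controls, not inside the APK.

```java
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Base64;

// Hypothetical helper (not from the Google Play sample): binds a payload to one user and SKU.
public class PayloadBinder {
    private static final SecureRandom RNG = new SecureRandom();
    private static final Base64.Encoder B64 = Base64.getUrlEncoder().withoutPadding();

    // HMAC-SHA256 over userId, sku and nonce; NUL separators keep field boundaries unambiguous.
    private static String tag(byte[] key, String userId, String sku, String nonce) throws Exception {
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(new SecretKeySpec(key, "HmacSHA256"));
        String msg = userId + "\0" + sku + "\0" + nonce;
        return B64.encodeToString(mac.doFinal(msg.getBytes(StandardCharsets.UTF_8)));
    }

    // Value to pass as the payload argument of launchPurchaseFlow().
    public static String issue(byte[] key, String userId, String sku) throws Exception {
        byte[] n = new byte[16];
        RNG.nextBytes(n);
        String nonce = B64.encodeToString(n);
        return nonce + "." + tag(key, userId, sku, nonce);
    }

    // What verifyDeveloperPayload() would check instead of always returning true.
    public static boolean verify(byte[] key, String userId, String sku, String payload) throws Exception {
        if (payload == null) return false;
        int dot = payload.indexOf('.');
        if (dot <= 0) return false; // an empty or malformed payload is rejected
        String nonce = payload.substring(0, dot);
        byte[] expected = tag(key, userId, sku, nonce).getBytes(StandardCharsets.UTF_8);
        byte[] actual = payload.substring(dot + 1).getBytes(StandardCharsets.UTF_8);
        return MessageDigest.isEqual(expected, actual); // constant-time comparison
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample key, users and SKU.
        byte[] key = "constructed-demo-key-kept-server-side".getBytes(StandardCharsets.UTF_8);
        String payload = issue(key, "alice@example.com", "premium_upgrade");
        System.out.println(verify(key, "alice@example.com", "premium_upgrade", payload)); // same user
        System.out.println(verify(key, "bob@example.com", "premium_upgrade", payload));   // other user
        System.out.println(verify(key, "alice@example.com", "premium_upgrade", ""));      // empty payload
    }
}
```

Only the first check in `main` succeeds: a payload issued for one user does not verify for another, and the empty string from the question never verifies.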
