You can use the developer payload for user identification and security.
There are two ways to generate the developer payload, depending on your application's in-app billing requirements.
1) If you use an unmanaged item (non-consumable item), you can simply use a UserID that uniquely identifies the user in your application. You can send the UserID as the developer payload.
or
You can put the email address in the developer payload as a unique identifier if you have the user's email ID stored on the server. When you get a response from Google Play after a user has paid for a product, extract the stored value for this user account from the server database and compare it with your developer payload.
Local database (e.g. SQLite):

    UserID (automatically generated by SQL database)   product type   userEmailAddress
    1                                                  product1       abc@gmail.com
    2                                                  product1       xyz@gmail.com
    3                                                  product1       pqr@gmail.com

Or you can pass it to the payload as userID.
-> This will create a problem for a while. If you do not want to go with the server database, you can simply ignore the developer payload by making it an empty string, and this will not affect your code much. Check out this link by Nikolai Elenkov: stackoverflow.com/questions/14553515/
2) If you use a consumable item (managed item), you can use an arbitrary generated string.
Step 1: before the onCreate method, declare this:

    // Imports needed at the top of the activity file for steps 1-3
    import java.math.BigInteger;
    import java.security.SecureRandom;
    import java.util.Random;

    // Alphabet for the random payload: digits 0-9 followed by a-z
    private static final char[] symbols = new char[36];

    static {
        for (int idx = 0; idx < 10; ++idx)
            symbols[idx] = (char) ('0' + idx);
        for (int idx = 10; idx < 36; ++idx)
            symbols[idx] = (char) ('a' + idx - 10);
    }

Step 2: add the classes RandomString and SessionIdentifierGenerator to your activity.

    public class RandomString {

        // Note: java.util.Random is not cryptographically strong; its output can be predicted.
        private final Random random = new Random();
        private final char[] buf;

        public RandomString(int length) {
            if (length < 1)
                throw new IllegalArgumentException("length < 1: " + length);
            buf = new char[length];
        }

        // Fills the buffer with random characters from symbols
        public String nextString() {
            for (int idx = 0; idx < buf.length; ++idx)
                buf[idx] = symbols[random.nextInt(symbols.length)];
            return new String(buf);
        }
    }

    public final class SessionIdentifierGenerator {

        // SecureRandom gives an identifier that cannot be predicted
        private SecureRandom random = new SecureRandom();

        public String nextSessionId() {
            return new BigInteger(130, random).toString(32);
        }
    }

Step 3: pass the payload to your purchase request:

    RandomString randomString = new RandomString(36);
    System.out.println("RandomString>>>>" + randomString.nextString());

    /* String payload = ""; */
    // bGoa+V7g/yqDXvKRqq+JTFn4uQZbPiQJo4pf9RzJ
    // Generate the payload and keep it so it can be compared with the purchase response
    String payload = randomString.nextString();
    Log.e("Random generated Payload", ">>>>>" + payload);

    Log.d(TAG, "Launching purchase flow for infinite gas subscription.");
    mHelper.launchPurchaseFlow(this, SKU_GAS, IabHelper.ITEM_TYPE_INAPP,
            RC_REQUEST, mPurchaseFinishedListener, payload);

For more information check this link: http://stackoverflow.com/questions/41107/how-to-generate-a-random-alpha-numeric-string
Note:
Security recommendation: When you receive a response from a purchase on Google Play, be sure to check the received data signature, the orderId and the developer payload string in the Purchase object to make sure that you get the expected values. You should check that the orderId is a unique value that you have not previously processed, and that the developer payload string corresponds to the token that you sent earlier with the purchase request. As an added safety precaution, you must perform the check on your own server.
Check this link: http://developer.android.com/google/play/billing/billing_integrate.html
for more details check this link: http:
Hope this helps you.
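
The three checks from the security recommendation above (data signature, unused orderId, matching developer payload), as an added example that is not part of the original answer or of Google's sample code. The class name, the `field` helper, the test key pair and the purchase JSON are all constructed for illustration; it runs on a plain JVM, and on a server you would load your app's Play public key and keep processed order IDs in a database.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.util.*;
import java.util.regex.*;

public class PurchaseCheck {
    // Minimal string-field lookup for this demo (assumption); use a real JSON parser in production.
    static String field(String json, String name) {
        Matcher m = Pattern.compile("\"" + name + "\"\\s*:\\s*\"([^\"]*)\"").matcher(json);
        return m.find() ? m.group(1) : null;
    }

    // Returns null when the purchase is accepted, otherwise the reason it was rejected.
    static String check(PublicKey key, String signedData, String signatureB64,
            String expectedPayload, Set<String> processedOrderIds) throws GeneralSecurityException {
        byte[] sigBytes;
        try { sigBytes = Base64.getDecoder().decode(signatureB64); }
        catch (IllegalArgumentException e) { return "signature is not valid base64"; }
        Signature sig = Signature.getInstance("SHA1withRSA"); // algorithm Play uses for purchase data
        sig.initVerify(key);
        sig.update(signedData.getBytes(StandardCharsets.UTF_8));
        boolean ok;
        try { ok = sig.verify(sigBytes); } catch (SignatureException e) { ok = false; }
        if (!ok) return "bad signature";
        // Read fields only after the signature over the whole JSON has verified.
        String payload = field(signedData, "developerPayload");
        if (payload == null || !MessageDigest.isEqual(payload.getBytes(StandardCharsets.UTF_8),
                expectedPayload.getBytes(StandardCharsets.UTF_8))) return "payload mismatch";
        // add() returns false for a duplicate, so a replayed order is rejected.
        String orderId = field(signedData, "orderId");
        if (orderId == null || !processedOrderIds.add(orderId)) return "orderId missing or already processed";
        return null;
    }

    public static void main(String[] args) throws Exception {
        // Constructed key pair and purchase JSON standing in for a real Play response.
        KeyPair kp = KeyPairGenerator.getInstance("RSA").generateKeyPair();
        String data = "{\"orderId\":\"ORDER-0001\",\"productId\":\"gas\",\"developerPayload\":\"k3v9x0aa\"}";
        Signature s = Signature.getInstance("SHA1withRSA");
        s.initSign(kp.getPrivate());
        s.update(data.getBytes(StandardCharsets.UTF_8));
        String sigB64 = Base64.getEncoder().encodeToString(s.sign());
        Set<String> seen = new HashSet<>();
        // Cases in order: valid purchase, same order replayed, tampered data, wrong payload.
        System.out.println(check(kp.getPublic(), data, sigB64, "k3v9x0aa", seen));
        System.out.println(check(kp.getPublic(), data, sigB64, "k3v9x0aa", seen));
        System.out.println(check(kp.getPublic(), data.replace("gas", "gold"), sigB64, "k3v9x0aa", seen));
        System.out.println(check(kp.getPublic(), data, sigB64, "other", new HashSet<>()));
    }
}
```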