Promotional codes for in-app purchases violate remote server verification?

Releasing promotional codes for in-app purchases seems to prevent the app from attempting (ever again) to verify the purchase on a remote server!

When a promotional code is used to purchase in-app (broadcast PURCHASES_UPDATED), it completely bypasses the purchase flow, so the application does not have the ability to deliver the "developerPayload" used for remote verification.

Later, when the application calls getPurchases() to get / check the owner's products, the purchase data for promotional purchases will contain neither "developerPayload" nor "orderId", which is also useful for remote verification using the Google Play Developer API.

How should an application check in-app purchases made using promo codes?

Allowing users to redeem promotional codes through the Google Play Store app / site, bypassing the purchase flow, seems like a serious oversight, which should not be possible.

Problem Reports:

Related entries:

  • In-app purchases made using promo codes return an empty developer payload string
+46
android google-play in-app-billing
Feb 13 '16 at 14:26
1 answer

This is really a security issue by Google, so I am going to suggest a workaround.

Along with the promo code, they provide users with a server identifier generated by your server. When receiving a promotion, they check the server identifier and accept the purchase only once.

When using from the market, send the identifier using a referrer. When using the application, you have your own logic for providing the server identifier.

There is no other solution on the bottom line, but some of them identify users with some kind of identifier.

+1
May 19 '17 at 19:28
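
The workaround described in the answer above, as an added example that is not code from the question or the answer: the server issues an identifier alongside each promo code and grants the entitlement only the first time that identifier is presented. The function names, the table layout, the sample SKU and the HMAC that binds an identifier to its SKU are assumptions of this example.

```python
import hashlib
import hmac
import secrets
import sqlite3

# Hypothetical names throughout; the key is a constructed sample value.
SERVER_KEY = secrets.token_bytes(32)  # in production: load from a secret store


def open_store(path=":memory:"):
    db = sqlite3.connect(path)
    db.execute("CREATE TABLE IF NOT EXISTS promo_ids ("
               "id TEXT PRIMARY KEY, sku TEXT NOT NULL, redeemed_by TEXT)")
    return db


def _tag(identifier, sku):
    # Binds the identifier to one SKU so it cannot be replayed for another product.
    msg = f"{identifier}|{sku}".encode()
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest()


def issue_identifier(db, sku):
    """Create the server identifier that is handed out together with a promo code."""
    identifier = secrets.token_urlsafe(16)
    with db:
        db.execute("INSERT INTO promo_ids (id, sku) VALUES (?, ?)", (identifier, sku))
    return f"{identifier}.{_tag(identifier, sku)}"


def redeem(db, token, sku, user_id):
    """Return 'granted', 'already_redeemed' or 'invalid'."""
    identifier, _, tag = token.partition(".")
    # Constant-time comparison on bytes; rejects forged or altered tokens.
    if not hmac.compare_digest(tag.encode(), _tag(identifier, sku).encode()):
        return "invalid"
    with db:
        # One atomic statement: only a single request can claim the row.
        cur = db.execute("UPDATE promo_ids SET redeemed_by = ? "
                         "WHERE id = ? AND sku = ? AND redeemed_by IS NULL",
                         (user_id, identifier, sku))
    if cur.rowcount == 1:
        return "granted"
    row = db.execute("SELECT 1 FROM promo_ids WHERE id = ?", (identifier,)).fetchone()
    return "already_redeemed" if row else "invalid"
```

The app would send the identifier to this server after a promo redemption shows up in getPurchases(), and unlock the product only on "granted".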