简体繁体 English

存储应用内购买的最佳方式

[英]Best way possible to store in-app purchases

原文 2014-01-20 02:17:01 7 2 android/ in-app-billing

Before I ask the question, I have gone through the Android In-App billing documentation , and some similar questions on StackOverflow like this . 之前我问这个问题，我已经通过了的Android应用内结算文档，并像在计算器上一些类似的问题本。 Also I am guessing this question may be closed or down-voted, as its not a direct programming question and is subjective in nature. 此外，我猜这个问题可能会被关闭或者投票，因为它不是一个直接的编程问题，而且本质上是主观的。 But still, here it goes. 但是，它仍然存在。

The implementation works fine. 实施工作正常。 My question is what would be a good way to store the in-app purchases locally. 我的问题是在本地存储应用内购买的好方法。 In my case, there is only one one-time unlockable item which unlocks full functionality of the app, and does not expire or get consumed. 在我的情况下，只有一个一次性解锁项目可以解锁应用程序的全部功能，并且不会过期或被消耗。

Shared Preferences seems a little too easy for piracy. 共享偏好对于盗版来说似乎有点太容易了。 Even though querying the Google Play works fine and seems relatively secure, is it good enough to rely on? 即使查询Google Play工作正常并且看起来相对安全，它还可以依靠吗？ Since the documentation recommends to make the call asynchronously, it doesn't sound like a good idea that the user who has paid for the unlocked features, might have to wait to get access to the unlocked features. 由于文档建议以异步方式进行调用，因此支付解锁功能的用户可能不得不等待访问未锁定的功能并不是一个好主意。 Also, when the GP cache is cleared, it takes longer than usual (which might be a rare scenario). 此外，当清除GP缓存时，它需要比平时更长的时间（这可能是一种罕见的情况）。

But seeing that there are so many apps and developers, I am wondering how other developers handle it? 但是看到有这么多的应用程序和开发人员，我想知道其他开发人员如何处理它？

2 个解决方案

Actually i think that your question will be closed for a few different reasons, but i will give you some insights. 实际上我认为你的问题会因为几个不同的原因而被关闭，但我会给你一些见解。

You have a few options, depending on the nature of the products, and in some other things. 根据产品的性质以及其他一些方面，您可以选择一些选项。

If the product is valid for life time, or depending on time (for instante, updates for a year) you can rely in google play, and that could be good. 如果产品终身有效，或者根据时间（对于instante，更新一年），您可以依赖谷歌播放，这可能是好的。
If the product is something that the user will expend in different ways inside the application, such as in-game currency, extra lives, etc, you should save it locally, in a sqlite database, or in a remote database if you want to use a server to centralize some services. 如果产品是用户在应用程序内部以不同方式消费的东西，例如游戏内货币，额外生命等，则应将其保存在本地，sqlite数据库或远程数据库（如果要使用）用于集中某些服务的服务器。

If you take a look at the section "Consume a Purchase" of the guide purchase iab products you can read: 如果您查看指南购买iab产品的 “消费购买”部分，您可以阅读：

Once an item is purchased, it is considered to be "owned" and cannot be purchased again from Google Play while in that state. 购买商品后，系统会将其视为“拥有”，并且在该状态下无法再从Google Play购买。 You must send a consumption request for the item before Google Play makes it available for purchase again. 在Google Play再次购买之前，您必须先发送该项目的消费请求。 All managed in-app products are consumable. 所有托管的应用内商品均为耗材。 How you use the consumption mechanism in your app is up to you. 如何在应用程序中使用消费机制取决于您。 Typically, you would implement consumption for products with temporary benefits that users may want to purchase multiple times (for example, in-game currency or replenishable game tokens). 通常，您将为具有用户可能想要多次购买的临时利益的产品实施消费（例如，游戏中的货币或可补充的游戏代币）。 You would typically not want to implement consumption for products that are purchased once and provide a permanent effect (for example, a premium upgrade). 您通常不希望为一次购买的产品实施消费并提供永久性效果（例如，高级升级）。

For consumable products: 对于消耗品：

It's your responsibility to control and track how the in-app product is provisioned to the user. 您有责任控制和跟踪应用内产品如何配置给用户。 For example, if the user purchased in-game currency, you should update the player's inventory with the amount of currency purchased. 例如，如果用户购买了游戏币，您应该使用购买的货币金额更新玩家的库存。

Security Recommendation: You must send a consumption request before provisioning the benefit of the consumable in-app purchase to the user. 安全建议：在向用户提供耗材应用程序内购买的好处之前，您必须发送消耗请求。 Make sure that you have received a successful consumption response from Google Play before you provision the item. 在配置项目之前，请确保您已收到Google Play的成功消费回复。

Anyways, at any range i would recommend to keep track of all the products that an user buys and all the privileges that he has by yourself, since it is faster, and it could be useful for some other things like custom stats, reporting, etc. 无论如何，在任何范围内，我都建议跟踪用户购买的所有产品以及他自己拥有的所有权限，因为它更快，并且它可能对其他一些事情有用，如自定义统计，报告等。

You should use a backend web server if you're concerned about piracy. 如果您担心盗版，则应使用后端Web服务器。 Google has a web api for checking if a purchase is legit. 谷歌有一个网络API，用于检查购买是否合法。 Have the device contact your web server. 让设备联系您的Web服务器。 Have the web server validate with Google. 让网络服务器通过Google验证。 If valid then let the device download your assets from the server. 如果有效，则让设备从服务器下载资产。

If the in app item is not an asset, but a consumable item like in a game maybe have your server return an encrypted string that your app knows how to decipher. 如果in app项目不是资产，但是游戏中的消耗品可能让您的服务器返回加密字符串，您的应用程序知道如何解密。

If you rely completely on locally stored purchase info it will be very easy to spoof. 如果您完全依赖本地存储的购买信息，则很容易欺骗。