
Google IAP verification has failed for many purchases

I'm using Google IAP v3 in an Android app. I've implemented signature checking using the GoogleIabHelper class. I'm also checking the signature on the server side with almost the same code.

In the server logs I've found that a lot of purchases are invalid. Here is example data for 2 valid purchases and one invalid one:

Valid purchases

#1
orderId:         12399363269014736759.1358132323863451
purchaseTime:    1416079768157
purchaseToken:   olcgkklnpigiceancikanedj.AO-J1O...
dataSignature matches: yes
response from androidpublisher API: purchaseTimeMillis = 1416079768157, purchaseState = 0

#2
orderId:         12399363269014736759.1311230454123912
purchaseTime:    1415844666976
purchaseToken:   ajkaitpnfgotgkmhlboatkmc.AO-J1O...
dataSignature matches: yes
response from androidpublisher API: purchaseTimeMillis = 1415844666976, purchaseState = 0

Invalid purchase

orderId:         6246434551497330082
purchaseTime:    1415813103372
purchaseToken:   xdavcuvdnniwwrhwemleqjdz.rSQozm...
dataSignature matches: no
response from androidpublisher API: "code": 400, "message": "Invalid Value"

As you can see, the data of the two valid purchases look similar. Both dataSignatures are correct and the androidpublisher API returns valid data for these purchases.

Now look at the invalid purchase:

  • orderId doesn't match the pattern of valid purchases
  • purchaseTime is in the past (Wed Nov 12 2014 18:25:03 GMT+0100 (CET)) even though the purchase had been made today
  • purchaseToken prefix is different after the . (dot)
  • dataSignature doesn't match
  • androidpublisher API returns Invalid Value

Pretty sure it's an invalid purchase, huh? What about 2-4 purchases like this per day? I'm wondering whether IAP fraud is a real problem or there's a problem with my code and IAP verification. Could someone share their experience with invalid purchases using Google IAP v3?

After digging a little deeper, it turns out there are so many ways to hack IAP, but good purchase validation prevents it (like that presented in the question).

First of all, the invalid purchases (all of them) have been made on rooted devices. I've also asked some users about their purchases and one of them agreed that he is using some apk which allows purchasing IAP items for free.

Conclusion: everything is OK with the code, something is wrong with your users.
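
The server-side dataSignature check discussed above, as an added example that is not part of the original posts or of Google's helper code. The class name `PurchaseVerifier`, the purchase JSON and the per-run key pair are constructed for illustration; it assumes the purchase data is signed with SHA1withRSA and that the app's public key is a Base64-encoded X.509 key.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.security.spec.X509EncodedKeySpec;
import java.util.Base64;

public class PurchaseVerifier {
    /** Returns true only if signatureB64 is a valid SHA1withRSA signature of signedData. */
    static boolean verifyPurchase(String publicKeyB64, String signedData, String signatureB64) {
        if (signedData == null || signedData.isEmpty()
                || signatureB64 == null || signatureB64.isEmpty()) {
            return false; // a missing signature is a failed check, never a skipped one
        }
        try {
            PublicKey key = KeyFactory.getInstance("RSA").generatePublic(
                    new X509EncodedKeySpec(Base64.getDecoder().decode(publicKeyB64)));
            Signature sig = Signature.getInstance("SHA1withRSA");
            sig.initVerify(key);
            // Verify the exact bytes received; re-serialising the JSON would change them.
            sig.update(signedData.getBytes(StandardCharsets.UTF_8));
            return sig.verify(Base64.getDecoder().decode(signatureB64));
        } catch (GeneralSecurityException | IllegalArgumentException e) {
            return false; // malformed key, bad Base64, or broken signature encoding
        }
    }

    public static void main(String[] args) throws Exception {
        // Constructed stand-in for the app's licensing key pair, generated per run.
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        KeyPair pair = gen.generateKeyPair();
        String publicKeyB64 = Base64.getEncoder().encodeToString(pair.getPublic().getEncoded());

        // Constructed purchase JSON; orderId and productId are placeholders.
        String genuine = "{\"orderId\":\"ORDER-PLACEHOLDER\",\"productId\":\"coins_100\","
                + "\"purchaseTime\":1416079768157,\"purchaseState\":0}";
        Signature signer = Signature.getInstance("SHA1withRSA");
        signer.initSign(pair.getPrivate());
        signer.update(genuine.getBytes(StandardCharsets.UTF_8));
        String signature = Base64.getEncoder().encodeToString(signer.sign());

        String altered = genuine.replace("coins_100", "coins_9999");
        System.out.println("genuine data:    " + verifyPurchase(publicKeyB64, genuine, signature));
        System.out.println("altered data:    " + verifyPurchase(publicKeyB64, altered, signature));
        System.out.println("empty signature: " + verifyPurchase(publicKeyB64, genuine, ""));
        System.out.println("non-Base64 sig:  " + verifyPurchase(publicKeyB64, genuine, "%%%"));
    }
}
```

A purchase that fails this check should not be granted on the server regardless of what the client reports, and the androidpublisher API lookup shown in the question remains the second, independent check.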
