[英]Google IAP verification has failed for many purchases
I'm using Google IAP v3 in Android app. 我在Android应用中使用Google IAP v3。 I've implemented signature checking using GoogleIabHelper
class. 我使用GoogleIabHelper
类实现了签名检查。 I'm also checking the signature on the server side with almost the same code. 我也用几乎相同的代码检查服务器端的签名。
In the server logs I've found a lot purchases are invalid. 在服务器日志中,我发现很多购买都是无效的。 Here are example data for 2 valid purchases and one invalid: 以下是2次有效购买和1次无效的示例数据:
Valid purchases 有效购买
#1
orderId: 12399363269014736759.1358132323863451
purchaseTime: 1416079768157
purchaseToken: olcgkklnpigiceancikanedj.AO-J1O...
dataSignature matches: yes
response from androidpublisher API: purchaseTimeMillis = 1416079768157, purchaseState = 0
#2
orderId: 12399363269014736759.1311230454123912
purchaseTime: 1415844666976
purchaseToken: ajkaitpnfgotgkmhlboatkmc.AO-J1O...
dataSignature matches: yes
response from androidpublisher API: purchaseTimeMillis = 1415844666976, purchaseState = 0
Invalid purchase 购买无效
orderId: 6246434551497330082
purchaseTime: 1415813103372
purchaseToken: xdavcuvdnniwwrhwemleqjdz.rSQozm...
dataSignature matches: no
response from androidpublisher API: "code": 400, "message": "Invalid Value"
As you can see data of the two valid purchases look similar. 正如您所看到的,两个有效购买的数据看起来相似。 Both dataSignatures
are correct and the androidpublisher
API returns valid data for these purchases. 两个dataSignatures
都是正确的, androidpublisher
API返回这些购买的有效数据。
Now look at the invalid purchase: 现在看看无效购买:
orderId
doesn't match the pattern of valid purchases orderId
与有效购买的模式不匹配 purchaseTime
is in the past (Wed Nov 12 2014 18:25:03 GMT+0100 (CET)) even though the purchase had been made today purchaseTime
是过去(周三2014年11月12日18时25分03秒GMT + 0100(CET)),即使购买已取得今天 purchaseToken
prefix is different after the .
purchaseToken
前缀不同之后.
(dot) (点) dataSignature
doesn't match dataSignature
不匹配 androidpublisher
API returns Invalid Value
androidpublisher
API返回Invalid Value
Pretty sure it's invalid purchase huh? 很确定这是无效的购买吧? What about 2-4 purchases like this per day. 那么每天2-4次购买怎么样? I'm wondering do IAP frauds are real problem or there's problem with my code and IAP verification. 我想知道IAP欺诈是真正的问题,还是我的代码和IAP验证有问题。 Could someone share their experience with invalid purchases using Google IAP v3? 有人可以分享他们使用Google IAP v3进行无效购物的经历吗?
After digging a little deeper it turns out there are so many ways to hack IAP, but good purchase validation prevents from it (like presented in the question). 经过深入研究后发现有很多方法可以破解IAP,但良好的购买验证可以防止它(如问题中所示)。
First of all, the invalid purchases (all of them) have been made on rooted devices . 首先,无效购买(所有这些)都是在root设备上进行的 。 I've also asked some users about their purchases and one of them agreed that he is using some apk which allows to purchase IAP items for free. 我还询问了一些用户他们的购买情况,其中一人同意他正在使用一些允许免费购买IAP商品的apk。
Conclusion: everything is OK with the code, something is wrong with your users. 结论:代码一切正常,用户出了问题。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.