[英]Do I need to verify Android in-app billing server side?
I want to implement Google Play In-app Billing v3 on an Android app so that the user can buy an item to remove ads. 我想在Android应用上实施Google Play应用内结算v3,以便用户可以购买商品以删除广告。 After the user buy this item, ads must not be displayed on any device logged into his/her Google account. 用户购买此商品后,不得在登录其Google帐户的任何设备上展示广告。 As this app does not provide user accounts, I don't have a unique user identifier. 由于此应用程序不提供用户帐户,因此我没有唯一的用户标识符。
Do I need to store and validate purchases on my server or can I just rely on the Google Play In-app Billing library? 我是否需要在服务器上存储和验证购买的商品,还是可以仅依靠Google Play应用内结算库?
Purchased items are linked to the Google account used during the purchase. 购买的商品链接到购买期间使用的Google帐户。 You don't need a server to implement ads removal premium purchase. 您无需服务器即可实施广告删除溢价购买。
Once the user purchases the item, IAB keeps track of it and syncs it across all devices the user is logged in. The most important thing is to NOT consume the item once it has been purchased. 用户购买商品后,IAB会跟踪该商品并在用户登录的所有设备上同步该商品。最重要的是,一旦购买该商品就不要消费。
Yes for querying the purchase you don't need owned server. 是的,用于查询不需要拥有服务器的购买。 But for extra security layer protection, you should have one. 但是,要获得额外的安全层保护,您应该拥有一个。
As described here Security and Design Best Practice 如此处所述, 安全性和设计最佳实践
So you should perform signature verification on your own server. 因此,您应该在自己的服务器上执行签名验证。 And you could put developer payload string on your own server too. 您也可以将开发人员有效负载字符串放在您自己的服务器上。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.