[TUT] Simple InApp Billing / Payment

ratso · by **ratso** » Tue May 03, 2011 1:55 am

Thanks, great idea.

On a related note, i'm still unsure as to what parameters i need to supply to the restoreTransactionInformation() method.

Based on the docs, it's a "cryptographically secure" number-used-once. The docs also say that the message includes a "signature." is this something i should be able to decrypt somehow to insure it's a legit android market response?

Is there a standard practice for generating Nonces, and verifying signatures?

all this security stuff is pretty foreign to me...

blundell · by **blundell** » Tue May 03, 2011 10:15 am

This is the most complex part of in app billing, I skipped over it to keep this tutorial simple, if you need more information take a look at the BillingSecurity.java class, also it's explained well here: http://developer.android.com/guide/mark ... signatures (Also shows you how to generate nonces).

papo · by **papo** » Sat May 21, 2011 1:19 pm

Hello blundell,

I'm currently testing the In-App Billing, but I've a problem with the DEVELOPER_PAYLOAD. I set the payload with following lines of code:

Syntax: [ Download ] [ Hide ]

Using java Syntax Highlighting

Bundle request = makeRequestBundle("REQUEST_PURCHASE");
request.putString(C.DEVELOPER_PAYLOAD, "testing123");
Parsed in 0.030 seconds,  using GeSHi 1.0.8.4

C.DEVELOPER_PAYLOAD is:

Syntax: [ Download ] [ Hide ]

Using java Syntax Highlighting

public static final String DEVELOPER_PAYLOAD = "DEVELOPER_PAYLOAD"
Parsed in 0.030 seconds,  using GeSHi 1.0.8.4

Follwoing response returned from the Market Server:

Code: Select all: {"nonce":9005407554096378381,"orders":[{"notificationId":"android.test.purchased", "orderId":"transactionId.android.test.purchased", "packageName":"com.mypackage", "productId":"android.test.purchased", "purchaseTime":1305429187752, "purchaseState":0}]}

In the response the DEVELOPER_PAYLOAD is completely missing. What did i wrong?

Thanks in advance!

blundell · by **blundell** » Sat May 21, 2011 3:15 pm

Is it because you are using Android's test purchase, have you tried it with an item you create on the android market?

papo · by **papo** » Sat May 21, 2011 4:32 pm

No not yet, have you experience with the usage of the DEVELOPER_PAYLOAD field with an item which was created on the android market?

Do you maybe know an alternative to the DEVELOPER_PAYLOAD? I'm using unmanaged (managed is not possible for me) items, and the idea was to fill in an id (=primary key from my DB) in the DEVELOPER_PAYLOAD field to identify the async response.

papo · by **papo** » Wed May 25, 2011 4:34 pm

No idea?

blundell · by **blundell** » Wed May 25, 2011 5:10 pm

Haven't used this myself yet no.

I googled round and found your 3 posts :-)

no responses anywhere then?

Your using it to pass a primary key up to the server and back down? Why not just store the ID locally in a cache and if they payment succeeds retrieve it? Sorry I don't know your exact scenario.

behelit · by **behelit** » Fri May 27, 2011 5:15 am

Great tut, it works well but I think almost everyone would need the ability to check if something has already been purchased.

I don't see why they wouldn't let the market store this? Sure it's added security if you store it on your own server but who has the resources to do that...

The only other option is to store it on the device in an encrypted format which is somehow linked to the device id to stop others using the same file.

ksafez · by **ksafez** » Fri Jun 03, 2011 9:00 pm

I'm getting NullPointerException on the 2nd of these two lines (line 251 of BillingHelper.java):

Code: Select all: ArrayList<VerifiedPurchase> purchases = BillingSecurity.verifyPurchase(signedData, signature); latestPurchase = purchases.get(0);

Any idea why this is happening? I entered my publisher ID, and am using "android.test.purchased" as the item ID.

I should also note that the app is not yet published on the Market. Is this required?

blundell · by **blundell** » Sat Jun 04, 2011 12:07 am

You dont enter your publisher key, you enter your "Public Key" this is found on the Android Market Publisher Site.

What does your LogCat say, any errors?

No you don't have to publish it, just have it uploaded and saved.

reubenb87 · by **reubenb87** » Thu Jun 16, 2011 12:43 pm

After much frustration getting in app billing to work, almost tearing my hair out, found out that you must:

1. Use a @gmail.com email address for testing
2. Publish the app, I can not get it to work without it being published (may just be a problem for some people though)

Thanks for your code.

Xazen · by **Xazen** » Mon Jun 27, 2011 10:43 am

I have got a few questions:

I tried to do the changes in the purchaseStateChanged Activity. After I bought an in-app product and reinstall the whole app this method will be called automatically in order to set the in-app product to PURCHASED. Will there be any security problems if I do the changes in this method ?

Is it possible to retrieve transaction information without an own database? I am pretty confused by the on "getPurchaseInformation", "restoreTransactionInformation", nonces etc.

Can someone give me a short outline of it, please?

blundell · by **blundell** » Mon Jun 27, 2011 1:05 pm

I wouldn't worry about the security for your first few projects, if you've just got a small app the hackers aren't going to come running. Once you have got the concepts down you can then start to implement more security.

It is only possible to retrieve transactions for 'manages purchases'. These are the one off purchases.

Maybe this helps:
http://developer.android.com/guide/mark ... chase-type

The "manage by user account" purchase type is useful if you are selling items such as game levels or application features. These items are not transient and usually need to be restored whenever a user reinstalls your application, wipes the data on their device, or installs your application on a new device.

Items that are unmanaged do not have their transaction information stored on Android Market, which means you cannot query Android Market to retrieve transaction information for items whose purchase type is listed as unmanaged. You are responsible for managing the transaction information of unmanaged items. Also, unmanaged items can be purchased multiple times as far as Android Market is concerned, so it's also up to you to control how many times an unmanaged item can be purchased.

Xazen · by **Xazen** » Mon Jun 27, 2011 3:30 pm

It's not such a big project, but I already found someone who cracked the full version. So I believe I should implement more security already.

My InApp puchases are "manage bye user account" purchases. But I still don't get how restoreTransaction works. I this Code in the onCreate():

Code: Select all: BillingHelper.restoreTransactionInformation(BillingSecurity.generateRandomNonce());

But I got an Error "BillingHelper is not fully instatiated". It takes to long to start the service. Is there something like OnBillingHelperInstantiatedListener? Where does restoredTransactionInformation save the information?

blundell · by **blundell** » Mon Jun 27, 2011 4:07 pm

Yes you need to call your restoreTransaction AFTER the service has been bound. There is a callback once this is done.

[TUT] Simple InApp Billing / Payment

Re: [TUT] Simple InApp Billing / Payment

Re: [TUT] Simple InApp Billing / Payment

Re: [TUT] Simple InApp Billing / Payment

Re: [TUT] Simple InApp Billing / Payment

Re: [TUT] Simple InApp Billing / Payment

Re: [TUT] Simple InApp Billing / Payment

Re: [TUT] Simple InApp Billing / Payment

Re: [TUT] Simple InApp Billing / Payment

Re: [TUT] Simple InApp Billing / Payment

Re: [TUT] Simple InApp Billing / Payment

Re: [TUT] Simple InApp Billing / Payment

Re: [TUT] Simple InApp Billing / Payment

Re: [TUT] Simple InApp Billing / Payment

Re: [TUT] Simple InApp Billing / Payment

Re: [TUT] Simple InApp Billing / Payment

Who is online