我可以使用购物状态API来验证应用是否是通过Play商店购买的 [英] Can I use Purchase Status API to validate if app was bought via Play Store
问题描述
我有一个应用程序与我的后端进行通信,并且我希望后端只有在用户通过Play商店购买应用程序并且没有窃取应用程序时才接受和回应。所以这个想法是:
$ b $ ol
$
$ b
这样就不可能以任何方式破解应用程序,如果用户没有通过游戏商店购买它,服务器可以很容易地检测到这一点,并且没有办法伪造它
问题是,在我看来,购买状态api仅适用于应用程序购买,而不是用于检查应用程序是否通过playserver本身购买。是否有人有关于我如何做我想做的事情的信息?在我之前没有人有这个问题吗?根据
com / google / play / billing / gp-purchase-status-api.htmlrel =nofollow noreferrer>文档,如果您提供订阅式服务,购买API将提供验证在购买时提供给设备的令牌(不是用户的GMail ID)。令牌安全地嵌入(或多或少),我们认为,很难找到并复制到其他设备。
如果您担心应用程序的盗版,看看这里:
I have an application which communicates with my backend and I want the backend to accept and respond only if the user bought the app via the play store and did not steal it. So the idea is:
- User buys the app via playstore
- app communicates via server and sends the gmail address of the user who uses the app
- server asks Purchase Status API if the user bought the app with the passed gmail account
This way it would not be possible to crack the application in any way, if the user did not buy it via the play store the server can easily detect this and there is no way to fake it
the problem is it seems to me that the purchase status api is only for in app purchases and not for checking if the app was bought via the playserver itself.. Does anyone have infos how I can do what I want to do? Did no one before me had this problem?
According to the documentation, if you're providing subscription-style services, the Purchase API provides the ability to verify the token (not the user's GMail ID) provided to the device on purchase. The token is securely embedded (more or less) and is, we assume, difficult to find and copy to another device.
If you're worried about piracy of your app, look here:
How to secure my app against piracy
这篇关于我可以使用购物状态API来验证应用是否是通过Play商店购买的的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
