Delay when verifying Android in-app purchase with Google Checkout Polling API


Question

I'm trying to verify Android in-app purchases from my server using the Google Checkout API. As per this other query (App on Android market - HTTP notifications don't come, http://stackoverflow.com/questions/3459858/app-on-android-market-http-notifications-dont-come), I get no callback so I'm using the polling API.


It's working fine, except that I'm getting a 5 or 6 minute delay before the polling receives the notifications about a purchase, even though all the information is already visible to the user logged in to the merchant account in a browser. Checking the API documentation, it implies it could take even longer, as it states "Using the Polling API, you can retrieve all notifications that are less than 180 days old and that are at least 30 minutes old".


Is this delay typical (I'm in the UK)? Is the polling API still the recommended way to verify an Android in-app purchase?

Recommended answer


In my opinion, trying to validate GP LVL and/or IAB information via the Google Checkout Polling API on a server is not the best approach. There's a much better option available if you have a server anyway.


As mentioned in the article Securing Android LVL Applications, the best approach is to validate licence information on a trusted server. It goes like this:

  1. Don't use the Google demo code; it is not robust (does not check for all error conditions) and can be replaced even by scripts such as to fake a response (although, if you implement the server-side check as below, that's irrelevant anyway). Use com.android.vending.licensing directly. Don't include your Google Developer Console app key with your app, you don't need it there.
  2. Your App asks your server for a nonce for the ILicensingService.checkLicense() call. Your server supplies a secure random nonce to your app. Your app calls ILicensingService.checkLicense() with that nonce.
  3. The Android GP LVL Service calls back your app via ILicenseResultListener.verifyLicense(), providing signed data and a signature. (Hint: The signed data contains the nonce, so not even a replay attack is possible here.)
  4. Your app passes the signed data along with the signature to your server.
  5. Your server is the only instance which knows your Google Developer Console app key. It validates the signature against the signed data.
  6. The validation result will contribute to your authentication decision regarding access to server data.
  7. Make sure you do not check the licence too often. Google wants you to obey the validity time stamp provided with the licence response (and they claim it even reflects the 15 minute refund period). Obviously, this would only be safe if you store the validity on the server side and the server allows the app to skip the test in step 2.
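Steps 2 to 5 of the procedure above on the server side, as an added Go example that is not code from the answer or from Google's LVL library: the server issues a nonce, checks the SHA1withRSA signature of the licence response against the app's public key, confirms the package name, and consumes the nonce so a replayed response is rejected. The key pair, package name and in-memory nonce store are constructed for the demo; the signed-data layout is the one the LVL reference code's ResponseData parser expects.

```go
package main
import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha1"
	"encoding/base64"
	"errors"
	"math/big"
	"strconv"
	"strings"
)

// issued holds the nonces handed out in step 2 and not yet consumed (demo state, unguarded).
var issued = map[int64]bool{}
// demoKey stands in for the licensing key pair (private half at Google, public half shown in
// the Developer Console); it is constructed here only so the example runs offline.
var demoKey, _ = rsa.GenerateKey(rand.Reader, 2048)

// IssueNonce returns a fresh random nonce for the app's checkLicense() call (step 2).
func IssueNonce() int64 {
	n, _ := rand.Int(rand.Reader, big.NewInt(1<<62))
	issued[n.Int64()] = true
	return n.Int64()
}

// Verify is step 5 on the server: check the SHA1withRSA signature with the app's public key, then the
// nonce and package name, and return the response code. Layout: responseCode|nonce|packageName|versionCode|userId|timestamp:extras
func Verify(pub *rsa.PublicKey, signedData, sig, pkg string) (int, error) {
	raw, err := base64.StdEncoding.DecodeString(sig)
	if h := sha1.Sum([]byte(signedData)); err != nil || rsa.VerifyPKCS1v15(pub, crypto.SHA1, h[:], raw) != nil {
		return 0, errors.New("bad signature")
	}
	body, _, _ := strings.Cut(signedData, ":") // extras (VT=..&VS=..&GT=..) are not needed here
	f := strings.Split(body, "|")
	if len(f) != 6 || f[2] != pkg {
		return 0, errors.New("malformed signed data or wrong package")
	}
	nonce, _ := strconv.ParseInt(f[1], 10, 64)
	if !issued[nonce] {
		return 0, errors.New("unknown or already used nonce")
	}
	delete(issued, nonce) // single use, so presenting the same response twice fails
	return strconv.Atoi(f[0])
}
// SignResponse stands in for Google's licensing service signing a response (demo only).
func SignResponse(data string) string {
	h := sha1.Sum([]byte(data))
	sig, _ := rsa.SignPKCS1v15(rand.Reader, demoKey, crypto.SHA1, h[:])
	return base64.StdEncoding.EncodeToString(sig)
}
```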


With one difference, the same applies to IAB. Unfortunately, IAB V3 does not work with a nonce for getPurchases(). The reason is probably that the IAB Service itself (and not just the Google app-side reference code) uses caching extensively. Still, for purchases, you can pass a developerPayload to com.android.vending.billing.IInAppBillingService.getBuyIntent(), which will be included in the signed data which getPurchases() returns. So as long as you have either no expiration criteria or some kind of implicit (time-based) or server-managed explicit expiration criteria for in-app purchases, the API is still safe enough; the server would then ask the app to consume expired items and it's not even a problem if that fails because the server still knows it and can ask the app to consume the items again and again.


I hope I could shed a bit of light on this topic.

