如何获取用户从Google Play下载的应用程序列表(收费/免费)? [英] How to get list of downloaded apps (paid/free) by a user from Google Play?
问题描述
我最近遇到了这个应用程序购买应用程序 ,通过我的Google帐户登录后,可以通过某种方式检索我在Google Play中付费的应用.
I recently came across this app Purchase Apps, which is somehow able to retrieve apps I've paid for in google play after I signed in using my google account.
我想找出要完成的过程,因为我想构建一个类似的应用程序,但要下载免费的应用程序.
I'm trying to find out how it is being done as I want to build a similar app, but for the free apps which were downloaded.
我在 此处 ,因为在这里和那里我看不到有关如何执行操作以及可以执行的操作的真实答案.
I'm putting a new bounty on this question, as suggested by a similar question I've asked about here, and because here and there I don't see a real answer about how to do it, and what can be done with it.
我想将问题分解为多个部分:
I'd like to refine the questions into multiple pieces:
-
可用于获取购买的应用程序信息的API是什么?我在哪里可以读到它?请显示一个完整的可行示例.
What is the API that can be used to get information of purchased apps? Where can I read about it? Please show a full, working example of how to do it.
它还能做更多吗?也许执行搜索?也许会显示已安装的免费应用程序?也许是他们安装和卸载的时间?以及那些应用的类别?
Can it do more ? Maybe perform search? Maybe show free apps that were installed? Maybe the time they were installed and uninstalled? And the categories of those apps?
使用此API是否有特殊要求?
Are there any special requirements for using this API ?
我为此付出了最大的努力,因为无论我阅读和尝试了多少,我仍然无法制作一个POC来查询用户曾经下载过的Play商店中的应用(名称,软件包名称,安装和/或删除的日期,图标URL,价格...),包括付费和免费应用.
I'm putting a max bounty on this, because no matter how much I've read and tried, I still failed to make a POC that can query the apps from the Play Store that the user has ever downloaded (name, package name, date installed and/or removed, icon URL, price...), including both paid and free apps.
如果有人找到了有效的样本,请说明其工作方式,并说明您如何找到的(文档或导致您找到解决方案的任何内容).我在任何地方都找不到它,这里的当前解决方案对于我来说太模糊了.
If anyone finds a working sample, show how it's done, and also show how you've found about it (documentation or anything that has led you to the solution). I can't find it anywhere, and the current solutions here are too vague for me to start from.
推荐答案
问题已解决.该漏洞利用已被关闭.
Issue is resolved. The exploit has been closed.
由于要登录到Android的预览版,我们将关闭此错误.如果该问题在最新的公开发行版(Android Q)中仍然存在并且可重现,请捕获错误报告,并将错误记录在 https://source.android.com/setup/contribute/report-bugs .如果在接下来的14天内未收到答复,则将关闭此问题.谢谢您的理解.
We will be closing this bug due to being logged in a Preview version of Android. If the issue is still relevant and reproducible in the latest public release (Android Q), please capture a bugreport and log the bug in https://source.android.com/setup/contribute/report-bugs. If a reply is not received within the next 14 days, this issue will be closed. Thank you for your understanding.
最新更新:
Latest update:
这是一个错误, Google 将在下一次更新中解决.
This is a bug and Google will address it in the next update.
我们已将此问题推迟到以后的版本中考虑.谢 您有时间让Android变得更好
We've deferred this issue for consideration in a future release. Thank you for your time to make Android better
此答案已变成各种想法,并经过编辑以将评论中的讨论信息包括在内.
androidmarket api是由开发人员编写的自定义 api .它不向公众开放.
The androidmarket api, would be a customised api written by the developer. It's not available to the public.
在评论中解决您的问题.开发人员将利用Android开发人员和Google提供的当前api来创建一个管理所有这些程序的项目.
To address your concerns in the comments. The developer would have utilised the current apis available through Android Developer and Google to create a project that manages all of these.
对于访问Full Account Access,我不确定这些开发人员是如何实现这一目标的.
As for accessing Full Account Access, I'm not sure exactly how these developers have achieved this.
我建议使用 AccountManager ,它是android.accounts,可以访问凭据和方法内容提供商
I'd recommend using the AccountManager, which is part of android.accounts, has access to credentials and a method getUserData. The account manager has access to passwords and is capable of creating and deleting accounts. This, possibly used with Content Provider
回复您的评论:
此博客应该可以帮助您入门. 编写您自己的Android身份验证器.
This blog should help you to get started. Write your own Android Authenticator.
这些应用程序实际上是如何工作的,我无法告诉您.他们可能也有不同的实现方式(除非他们是幕后的协作,否则他们肯定会有所不同).
How these apps actually work, I cannot tell you. They may also have different implementations (unless they're a collaborative effort behind the scenes, they most certainly will be different).
一个猜测.首先,将 GoogleSignInAccount 与 com.google.android.gms. auth.api.signin .
One guess. Firstly use GoogleSignInAccount with com.google.android.gms.auth.api.signin.
There a definition for scope, to determine the extent of the permissions the app is granted.
.../它允许您的Web应用程序通过无线方式访问Android应用程序的安装.
.../ It lets your web app access over-the-air Android app installs.
对于示例:
GoogleSignInOptions gso =
new GoogleSignInOptions.Builder(GoogleSignInOptions.DEFAULT_SIGN_IN)
.requestEmail().
.requestScopes(new Scope("https://www.googleapis.com/auth/contacts.readonly"))
.build();
如果可以获得完全访问权限,则可以找到帐户持有人使用的所有应用程序的列表,并将其与设备上的内容进行比较.
If full access can be gained a list of all apps used by the account holder can be found and compared to what's on the device.
包管理器将检索当前所有应用程序的列表安装在设备上.
PackageInfo 提供有关该应用程序的详细信息.
INSTALL_REASON_USER还将过滤掉用户已主动安装的应用程序.
Package Manager will retrieve a list of all apps currently installed on the device.
PackageInfo provides the details about the app.
INSTALL_REASON_USER will also filter out apps that have been actively installed by the user.
您可能希望查看 com.google. firebase.appindexing 和记录用户操作.可以跟踪不同的操作.
You might want to look at com.google.firebase.appindexing and Log User Actions. Different actions can be tracked.
可以在 https://myactivity.google.com/myactivity 中找到用户帐户历史记录.
The users account history is found at https://myactivity.google.com/myactivity.
OAuth 2.0游乐场是一个有用的链接.
此github回购 node-google-play (使用node)是最新的,并且将调用Google Play API.与用作非官方" API的存档一样, android-market- api ,以查询市场.
This github repo node-google-play, using node, is current and will call Google Play APIs. As did the archive that was used as an "unofficial" api, android-market-api, to query the market place.
应用声明使用以下权限:
版本2.1.8可以访问:
$ 应用内购买
Version 2.1.8 can access:
$ In-app purchases
其他
- 从Internet接收数据
- 查看网络连接
- 完全网络访问权限
- 在设备上使用帐户
- 防止设备进入睡眠状态
- 阅读Google服务配置
- receive data from Internet
- view network connections
- full network access
- use accounts on the device
- prevent device from sleeping
- read Google service configuration
值得注意的是,在进行基本安装时,该应用程序未设置任何权限.我没有任何付费应用程序,因此无法使用任何功能.因此,对于初始搜索-无需权限,这表明该应用无权访问我的帐户.
Noteworthy, the app doesn't set any permissions when there was a basic, install. I was unable to use any of the features, as I have no paid apps. So for the initial search - there were no permissions needed, which would indicate the app didn't have access to my account.
我检查了权限-没有设置权限.因此,唯一需要做的就是接受问题中显示的弹出窗口.
I checked the permissions - there were none set. So the only thing required was to accept the pop up, as displayed in your question.
您引用的另一个具有相同功能的应用程序更提前了解了所访问的内容.
The other app you refer to that does the same thing is more upfront about what is being accessed.
安全/隐私声明
首次运行此应用时,它将要求您对Google帐户拥有完全许可.不幸的是 访问所需信息的唯一方法.没有个人 信息已存储,未共享任何有关您的应用程序的信息 此应用的开发者,也未与任何第三方共享. 一切都只保留在您的手机上.
SECURITY/PRIVACY NOTICE
The first time you run this app, it will ask for full permission to your Google account. This is unfortunately the only way to access the required information. No personal information is stored, no information about your apps is shared with the developer of this app, nor shared with any third parties. Everything is kept on your phone only.
我已经在此博客文章中详细介绍了这些应用程序,大学的顶峰项目(无金钱收益).我倾向于认为这是对API的一种利用,而不是Google的设计状态,因为除了开发人员自己的应用程序外,没有API调用来获取购买的应用程序.我假设这是一个零日漏洞利用,在这种情况下,没有合法的方式访问此信息.
I've gone into detail over these apps in this blog post, which was for a university capstone project (no monetary gain). I'm inclined to think this is an exploit in the API and not status by design by Google, as there are no API calls to fetch purchases of apps other than the developer's own app. I hypothesize it's a zero day exploit, in which case there's no legitimate way to access this information.
这篇关于如何获取用户从Google Play下载的应用程序列表(收费/免费)?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
