离线接受应用内购买+删除已取消的购买 [英] Honouring in-app purchases offline + removing cancelled purchases

问题描述

这篇文章标题中涉及两个项目的方法似乎相互冲突并且很难测试，正是这些极端情况导致购买的产品停止工作时客户不满意.

The approach involved with the two items in the title of this post appear to conflict with one another and are very hard to test, and it's these edge cases that result in unhappy customers when their purchased product stops working.

关于Stack Overflow的许多讨论都已经有2年多的历史了，尚无定论，它们引用了已弃用的AIDL库而不是Google Play计费服务.

A lot of the discussions on Stack Overflow are 2+ years old, inconclusive and reference the deprecated AIDL library rather than Google Play Billing Service.

我想确保用户可以离线访问我的Android应用程序的高级版本，该高级版本是通过Google Play上的一次性非消耗性应用程序内产品购买的.我还想防止客户购买该应用程序中的升级，然后激活它，然后取消/要求退款，并保留对高级功能的访问权限.

I want to make sure a user has offline access to a premium version of my Android App which is purchased via a one-time non-consumable in-app product on Google Play. I also want to protect against a customer purchasing the upgrade within the App, activating it then cancelling/requesting a refund of the purchase and retaining access to the premium feature.

文档指出，我们可以信任getPurchasesList()始终退回客户有权使用的产品: https://developer.android.com/google/play/billing/billing_library_overview

The documentation states that we can trust the getPurchasesList() to always return the products the customer has access to: https://developer.android.com/google/play/billing/billing_library_overview

但是，我还看到了一些相互矛盾的报告，即当客户下线时(例如，在长途旅行中)，getPurchasesList()后面的Google缓存最终会过期，这将导致客户失去对高级内容的访问权限.有人声称Google缓存会在12个小时后过期，但是我将手机置于飞行模式14个小时，并且仍从getPurchasesList()获得响应，因此这些声明可能已过时.

However I am also seeing conflicting reports that when the customer goes offline (for example on a long plane journey) the Google cache behind getPurchasesList() eventually expires, which would cause the customer to lose access to the premium content. Some people claim the Google cache expires after around 12 hours, however I put my phone in flight mode for 14 hours and was still getting responses from getPurchasesList(), so maybe those claims are outdated.

当Google结算缓存确实过期时，响应的结构是什么?从客户未进行任何购买或已退还购买商品的响应中可以辨别出该信息吗?假设当缓存过期时，我们收到了来自Google的空响应，我们如何确定这些之间的区别?

When the google billing cache does expire, what is the structure of the response? Is it discernible from a response where the customer has not made any purchases or had a purchase refunded. Let's say we get an empty response from Google when the cache expires, how do we know for sure the difference between:

• getPurchasesList()不包含任何购买信息，因为客户从未进行过任何购买.
• getPurchasesList()不包含任何购买的商品，因为客户获得了退款.
• getPurchasesList()不包含任何购买的商品，因为缓存已过期，但客户确实购买了商品并拥有商品.

• getPurchasesList() contains no purchases, because the customer never made any purchases.
• getPurchasesList() contains no purchases, because the customer got a refund.
• getPurchasesList() contains no purchases, because the cache expired, BUT the customer did purchase and owns the product.

除非我在某处丢失了某些内容，否则关于此重要场景，缓存生存期，如何对其进行测试等方面的官方文档似乎很少.

There seems to be very little official documentation about this important scenario, the cache lifetime, how to test it, etc. unless I am missing something, somewhere.

我当然可以维护自己对客户购买的产品的缓存，例如存储一个令牌，令牌必须至少每3天从Google计费中更新一次，否则您将失去访问权限，但这真的是正确的方法吗?

I can of course maintain my own cache of the product the customer purchased, eg. store a token that must be updated at least once every 3 days from Google Billing or you lose access, but is this really the correct way to do it?

推荐答案

恕我直言，本地存储getPurchasesList()响应绝对正确. 我会详细说明.

IMHO, locally storing the getPurchasesList() response is absolutely fine. I'll elaborate a little bit more.

这完全取决于您的威胁模型:对我而言，用户无法更改应用程序代码本身，也无法访问应用程序的私有存储.如果用户可以这样做，那么一切都会崩溃，因为用户可以愉快地删除或跳过限制应用程序功能的代码.

It all depends what's your threat model: for me, the user can't alter the app code itself nor access the private storage of the app. If a user could do that, then everything falls apart as the user can happily remove or skip the code that limits the app features.

因此，鉴于用户无法更改应用程序或无法访问应用程序私有存储的威胁模型，您可以轻松地缓存getPurchasesList()响应令牌并在设备离线时使用它.

So, given a threat model of an user unable to alter the app nor access the app private storage, you can easily cache the getPurchasesList() response token and use it when the device is offline.

很明显，对令牌的任何更新也必须反映到缓存中. (例如过期或退款状态)

Obviously, any update to the token must be reflected to the cache as well. (e.g. expired or refunded states)

我也同意您的看法，即Google没有提供有关如何处理极端情况的足够信息，它们只是向人们展示了一切都可以正常运行的令人高兴的情况.

I also agree with you that Google doesn't provide enough information on how to deal with edge cases, they just show the happy case where everything perfectly works.

我必须承认，我没有彻底研究他们提供的示例应用程序: https://github.com/android/play-billing-samples

I must admit I didn't thoroughly look at the sample apps they provide: https://github.com/android/play-billing-samples

这篇关于离线接受应用内购买+删除已取消的购买的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！