支持离线应用内购买 + 删除取消的购买 [英] Honouring in-app purchases offline + removing cancelled purchases
问题描述
本文标题中涉及的两个项目的方法似乎相互冲突,并且很难测试,正是这些极端情况导致客户在购买的产品停止工作时不满意.
The approach involved with the two items in the title of this post appear to conflict with one another and are very hard to test, and it's these edge cases that result in unhappy customers when their purchased product stops working.
很多关于 Stack Overflow 的讨论已有 2 年以上的历史,没有定论,并且引用了已弃用的 AIDL 库而不是 Google Play 计费服务.
A lot of the discussions on Stack Overflow are 2+ years old, inconclusive and reference the deprecated AIDL library rather than Google Play Billing Service.
我想确保用户可以离线访问我的 Android 应用的高级版本,该应用是通过 Google Play 上的一次性非消耗性应用内产品购买的.我还想防止客户在应用内购买升级、激活它然后取消/请求退款并保留对高级功能的访问权限.
I want to make sure a user has offline access to a premium version of my Android App which is purchased via a one-time non-consumable in-app product on Google Play. I also want to protect against a customer purchasing the upgrade within the App, activating it then cancelling/requesting a refund of the purchase and retaining access to the premium feature.
文档声明我们可以信任 getPurchasesList() 始终返回客户有权访问的产品:https://developer.android.com/google/play/billing/billing_library_overview
The documentation states that we can trust the getPurchasesList() to always return the products the customer has access to: https://developer.android.com/google/play/billing/billing_library_overview
但是,我还看到相互矛盾的报告,即当客户离线(例如在长途飞机旅行中)时,getPurchasesList() 后面的 Google 缓存最终会过期,这将导致客户无法访问优质内容.有些人声称 Google 缓存会在 12 小时后过期,但我将手机置于飞行模式 14 小时后仍然收到来自 getPurchasesList() 的响应,所以这些说法可能已经过时了.
However I am also seeing conflicting reports that when the customer goes offline (for example on a long plane journey) the Google cache behind getPurchasesList() eventually expires, which would cause the customer to lose access to the premium content. Some people claim the Google cache expires after around 12 hours, however I put my phone in flight mode for 14 hours and was still getting responses from getPurchasesList(), so maybe those claims are outdated.
当谷歌计费缓存过期时,响应的结构是什么?是否可以从客户未进行任何购买或已退款的响应中辨别出来.假设当缓存过期时我们从 Google 得到一个空响应,我们如何确定两者之间的区别:
When the google billing cache does expire, what is the structure of the response? Is it discernible from a response where the customer has not made any purchases or had a purchase refunded. Let's say we get an empty response from Google when the cache expires, how do we know for sure the difference between:
getPurchasesList()不包含任何购买,因为客户从未进行过任何购买.getPurchasesList()不包含任何购买,因为客户获得了退款.getPurchasesList()不包含任何购买,因为缓存已过期,但客户确实购买并拥有该产品.
getPurchasesList()contains no purchases, because the customer never made any purchases.getPurchasesList()contains no purchases, because the customer got a refund.getPurchasesList()contains no purchases, because the cache expired, BUT the customer did purchase and owns the product.
似乎没有关于这个重要场景、缓存寿命、如何测试它等的官方文档,除非我在某处遗漏了什么.
There seems to be very little official documentation about this important scenario, the cache lifetime, how to test it, etc. unless I am missing something, somewhere.
我当然可以维护自己的客户购买产品的缓存,例如.存储必须至少每 3 天从 Google Billing 更新一次的令牌,否则您将失去访问权限,但这真的是正确的方法吗?
I can of course maintain my own cache of the product the customer purchased, eg. store a token that must be updated at least once every 3 days from Google Billing or you lose access, but is this really the correct way to do it?
推荐答案
恕我直言,本地存储 getPurchasesList() 响应绝对没问题.我会详细说明.
IMHO, locally storing the getPurchasesList() response is absolutely fine.
I'll elaborate a little bit more.
这完全取决于您的威胁模型是什么:对我来说,用户不能更改应用程序代码本身,也不能访问应用程序的私有存储.如果用户可以这样做,那么一切都会崩溃,因为用户可以愉快地删除或跳过限制应用功能的代码.
It all depends what's your threat model: for me, the user can't alter the app code itself nor access the private storage of the app. If a user could do that, then everything falls apart as the user can happily remove or skip the code that limits the app features.
因此,鉴于用户无法更改应用程序或访问应用程序私有存储的威胁模型,您可以轻松缓存 getPurchasesList() 响应令牌并在设备离线时使用它.
So, given a threat model of an user unable to alter the app nor access the app private storage, you can easily cache the getPurchasesList() response token and use it when the device is offline.
显然,对令牌的任何更新也必须反映到缓存中.(例如过期或退款状态)
Obviously, any update to the token must be reflected to the cache as well. (e.g. expired or refunded states)
我也同意你的观点,谷歌没有提供足够的信息来说明如何处理边缘情况,他们只是展示了一切都很好的情况.
I also agree with you that Google doesn't provide enough information on how to deal with edge cases, they just show the happy case where everything perfectly works.
我必须承认我没有仔细查看他们提供的示例应用程序:https://github.com/android/play-billing-samples
I must admit I didn't thoroughly look at the sample apps they provide: https://github.com/android/play-billing-samples
这篇关于支持离线应用内购买 + 删除取消的购买的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
