应用内计费安全性和设计问题 [英] In-App Billing Security and Design questions

问题描述

我有几个问题连接到Android应用内计费方式：

I have a few questions connected to Android In-App Billing:

1. 时，有可能使非Market应用程序购买？据我所知，这将是一个弱点，但我一直没有机会看看是否有可能或没有。

1. Is it possible to make a purchase from non-Market app? I understand that it would be a vulnerability, but I have no opportunity to find out if it's possible or not.

我怎样才能获得国家购买某特定产品？据我了解这是可以做到使用 RESTORE_TRANSACTIONS 请求，但不建议经常使用。这不是一个理论问题。我的应用程序允许用户使用应用内结算购买的内容。内容可以从服务器上下载，并服务器必须允许仅当它被购买的内容的下载。但它不能检查，如果含量购买与否，而无需使用来自Android Market的签名响应。

How can I get purchase state for a particular product? As far as I understand it can be done using RESTORE_TRANSACTIONS request, but it's not recommended to use very often. That's not a theoretical problem. My application allows users to buy content using in-app billing. Content can be downloaded from a server, and server must allow content downloading only if it was purchased. But it can't check if content was purchased or not without using signed response from Android Market.

我怎样才能得到的价格和项目的说明从Android Market？看来，我知道答案，它的没有办法，这是可以做到，但也许我错了。这将是有检索商品的价格的可能性非常有用的。

How can I get price and description of an item from Android Market? Seems that I know the answer and it's "there's no way it can be done", but maybe I'm wrong. It would be very useful to have a possibility of retrieving item's price.

这是非常有趣的，我说你是如何解决/打算解决您的应用程序这些问题。回答上述任何一个问题将是AP preciated。

It's very interesting to me how you solved/are going to solve these problems in your apps. Answer to any of these questions will be appreciated.

推荐答案

为了：

1都能跟得上。该应用内结算的过程是市场的一部分。如果应用程序来自于其他地方，有没有办法让市场来验证应用程序的来源/真实性。

1- Nope. The in-app billing process is part of Market. If the app comes from elsewhere, there's no way for Market to verify the origin/authenticity of the application.

2 - 这是你的责任来存储购买国家特定产品。从<一个href="http://developer.android.com/guide/market/billing/billing_integrate.html#billing-implement">doc:

2- It's your responsibility to store the purchase state for a particular product. From the doc:

您必须建立一个数据库或一些其他机制来存储用户的购买信息。

You must set up a database or some other mechanism for storing users' purchase information.

RESTORE_TRANSACTIONS应保留或重新安装在设备上首次安装。

RESTORE_TRANSACTIONS should be reserved for reinstalls or first-time installs on a device.

3遗憾的是，在这个时候你是对的。文件功能请求！

3- Unfortunately, at this time you're right. File a feature request!

在此期间，一种选择是建立与应用程序引擎网站，所有内容及放大器存储目录;定价在那里，然后手动同步，在市场更新价格的应用程序引擎的服务器上的挂牌价格。然后让你的Andr​​oid应用程序从AppEngine上的服务器提取数据。这比硬编码的价格值到应用程序本身要好得多，因为你不需要让每个人都立即更新应用程序，以获得正确的定价，只要你改变一些东西。这种方法的唯一需要注意的是，如果用户在一个不同的国家，在应用内结算将在他们本国货币显示一个近似的价格，而且也没有办法给你准确地确定什么样的价格将被显示给他们。

In the meantime, one option is to set up a website with appengine, store listings of all your content & pricing there, and then manually sync prices listed on your appengine server with the updated prices in Market. Then have your Android app pull the data from the AppEngine server. This is much better than hardcoding price values into the app itself, since you don't need to have everyone update the app immediately to see accurate pricing whenever you change something. The only caveat of this method is that if the user is in a different country, in-app billing will display an approximated price in their native currency, and there's no way for you to determine exactly what price will be displayed to them.

相关，其中一个Android开发的倡导者是给在拉特/ IAP谈话在IO，所谓的规避海盗和使用许可验证库停止吸血鬼，应用内计费，和App引擎。 - 这肯定是值得的，当他们释放会话视频网站上观看

Related, One of the Android Developer Advocates is giving a talk on LVL/IAP at IO, called "Evading Pirates and Stopping Vampires using License Verification Library, In-App Billing, and App Engine." - It would definitely be worth your while to watch when they release the session videos on the website.

这篇关于应用内计费安全性和设计问题的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！