0

I am adding iab to my application this days but after reading all the docs at google and doing some tests I have a doubt. When should I init the service? Is it a good time to do it at application initialization? Should I init the system every time the user wants to buy a product?

How do you handle this?

Cheers.

Notbad
  • 5,936
  • 12
  • 54
  • 100
  • 1
    Not sure what you mean by "initialize", do you mean "bind to service"? I find IAB V3 much more responsive than LVL but I guess that's due to IAB's service-internal caching. It's best practice to bind to a service only when you need it such that Android can manage resources efficiently. – class stacker Apr 29 '13 at 15:15
  • Yes, sorry, I wanted to mean when to bind to service. About your answer, do you mean I should bind/unbind everytime I need and finish working with the IAB system? Sorry if this all seems a dumb question, but I thought doing more than one bind/unbind to service was going to not be a good option. – Notbad Apr 29 '13 at 15:20
  • I thought it was time to provide more information; see my answer. Will add some links now. – class stacker Apr 29 '13 at 15:38

2 Answers2

2

Okay so it's time for a full-flavoured answer I guess.

  • You bind to/unbind from the IAB service when you need to perform a transaction or retrieve information/are finished. No need to worry about performance there because this is a local service which does not necessarily connect to Google servers when you bind to it (only exception: a purchase, but that'll take some time anyway); it follows a different strategy to decide when to go online.
  • It's a good idea to sync your app's internal idea of what the user owns with the idea of IAB, as tjPark rightly says. Whether that's at the startup of your app or only after the user makes a couple of choices depends on your app. If you need to know for your splash screen what IAB items the user owns, then do it in your splash screen Activity. If it's only becoming relevant later, it makes more sense to query the IAB service later.
  • You should also carefully think of a consumption strategy which suits your need if your IAB items can be consumed.
  • Always be aware that IAB V3 uses caching extensively so even synchronizing your app with the IAB service does not necessarily get you the latest information. E.g. when a user buys an in-app product on device 1 and wants to use it on device 2, there will be a delay until it shows up. Or if you cancel a transaction in Google Checkout/Wallet and the device is offline, you also won't know immediately.
  • Don't use Google example code without refining it to achieve product maturity.
  • Know that IAB service responses can be subject to re-play attacks because you cannot provide a nonce with your request.
  • Know that if you don't have a server-side validation then your whole IAB code could be replaced by dummy code which simply returns positive responses.
Community
  • 1
  • 1
class stacker
  • 5,357
  • 2
  • 32
  • 65
  • Thanks for the clear response. About the last 2 points they really scare me :). Anyway, I think I won't worry about them because my game is a little one. If people hack it them I'm pretty sure it would be because it performed really much more better than I expected :). Thanks a lot again for the nice answer. – Notbad Apr 29 '13 at 16:01
  • @Notbad Yes, probably not much to worry about, although there's already a script for removing standard LVL checks, and apk checksums can be faked. But that still requires a bit of expertise. Anyway, good luck, and I hope people respect your work in this schizophrenic market ("apps must be free but I want no ads, and I'm going to pay more for a coffee than for a nice app!"). – class stacker Apr 29 '13 at 16:13
  • Yes, totally agree. Things are not as beautiful as "they" wanted us to believe. – Notbad Apr 29 '13 at 16:48
  • Your answer gave me bunch of details. Thank you! – tjPark Apr 30 '13 at 13:49
1

http://developer.android.com/google/play/billing/api.html,

from above, Google said that

When your application starts or user logs in, it's good practice to check with Google Play to determine what items are owned by the user. To query the user's in-app purchases, send a getPurchases request. If the request is successful, Google Play returns a Bundle containing a list of product IDs of the purchased items, a list of the individual purchase details, and a list of the signatures for the purchases.

Checking on every init would give more protection for your products I guess

tjPark
  • 308
  • 1
  • 11
  • You mean checking every time I'm going to interact with the IAB system, don't you? This way I could do check everything before performing any transaction. – Notbad Apr 29 '13 at 15:26
  • This does not answer the question how a bind/unbind policy should be implemented. – class stacker Apr 29 '13 at 15:33
  • I mean every time user launch the app. User purchase data(and downloadable data from server) possibly be deleted by the user(clear data) or something else anytime. Also if your item is a kind of unlocking stage things, it will give a bit more burden to crack. – tjPark Apr 29 '13 at 15:40