2

Scenario: The in-app billing from Google play store is well implemented inside my Android application. When a successful transaction is made, the application inform the back-end; using an HTTP hit, that a successful purchase has been made, in order to get the items bought from the HTTP reply.

Problem: I need to prevent hackers from buying items using hacking application on rooted devices.

Question: How can this purchase be verified with Google play store from the back-end side (.net framework) ?

Note that my colleague; who works on IPhone development, found a way to verify the purchase.(IPHONE purchase verification)

So Is there a way to do it on Android too ?

Nabz
  • 390
  • 2
  • 14
  • http://stackoverflow.com/questions/16067180/server-side-verification-of-google-play-in-app-billing-version-3-purchase – rogerdeuce Jan 15 '15 at 20:48
  • @rogerdeuce I got your point. But what I need is the verification of the purchase from the back-end side. Your comment describes the method to get the purchase Token and the signature. What I need is how to implement this verification from the server side. – Nabz Jan 16 '15 at 14:27
  • After user purchased, submit the purchase information with signature to your backend and verify it with your private key, if it's valid then store the order ID to your database to avoid replay. – xDragonZ Jan 27 '15 at 06:46
  • @xDragonZ Can you tell me how I can verify it from the backend ? – Nabz Jan 27 '15 at 08:16
  • Here's some example, you can try port to your own language : https://gist.github.com/menny/1985010#file-verify_market_in_app-php – xDragonZ Jan 27 '15 at 14:35

0 Answers0