60

I have an app published to the alpha channel, with an in-app (un)managed item that costs $1.

When I purchase normally, i.e., use a credit/debit card, Google returns the correct developer payload string, but if I choose to "redeem" a promo code and enter said code, Google returns an empty developer payload string, and thus authentication fails in 'onIabPurchaseFinished()'.

I should mention that this only occurs if I choose to redeem a code from the app's purchase flow, and everything works flawlessly if I open Play Store first, redeem the code, and then come back and open the app.

Is this a bug on Google's part?

EDIT: The Play Store thing is expected, since it can't know your payload and the purchase is done without having to check for it.

PEHLAJ
KDB223
  • 1
    If I use the code from play store and then I open my app, I've got an empty string. It's obvious why, however it's really a big hole. – greywolf82 Feb 06 '16 at 14:50
  • I have the same issue so I can't validate purchases done with promo code :( – Kerwan Feb 19 '16 at 16:27
  • Same issue and got the same problem while querying purchases. I tried to contact Google support via https://support.google.com/googleplay/android-developer/contact/publishing?extra.IssueType=selling. Waiting for an answer... – Jérémy Reynaud Feb 25 '16 at 19:51
  • Also faced with the same issue – Vlad Hudnitsky Feb 26 '16 at 09:40
  • 2
    Update: further investigations in progress by Google team. – Jérémy Reynaud Mar 07 '16 at 12:17
  • 3
    @JérémyReynaud If the code is used inside the play store app, your app is not involved at all in the process, so it's normal that you won't receive any developer payload, play store can't know your string. – greywolf82 Mar 08 '16 at 17:57
  • 1
    @greywolf82 you're completely right. As you note in your first comment it is a big hole as the only solution for now will be to avoid checking developer payload in the getPurchases() result as we don't know if the purchase has been made "normally" or with a promotion? Google may provide a way to declare our developer payload in the developer console to cover this case, don't you think? – Jérémy Reynaud Mar 08 '16 at 22:14
  • Update: answer from Google: "Our team has looked into the behavior you reported and identified there is no bug existed. In this case, the recommendation for you is to review the whole loop of API setup and coding to ensure it works properly. Our team is trained to provide technical support for app development questions, so I'm unable to provide you further assistance on this issue." I try to ask for more information than "there is no bug"... – Jérémy Reynaud Mar 09 '16 at 08:54
  • This is the discussion in the Google support group: https://groups.google.com/d/topic/android-developers/bDiYGoL-qBs/discussion – devrocca Mar 09 '16 at 15:43
  • 5
    For information, an issue has been opened on the android-play-billing project on GitHub: https://github.com/googlesamples/android-play-billing/issues/7 – Jérémy Reynaud May 18 '16 at 18:01
  • Anyone figure out this issue yet? – DaveNOTDavid Aug 13 '16 at 19:28
  • Any update on this issue? – thiagolr Oct 17 '16 at 15:49
  • When we all are waiting for Google response - do you have any temporary solution for this problem? I don't see any possibility to check that payment was done with credit card or promo code... Do you bypass payload check for this moment? – ekstro Jan 06 '17 at 16:36
  • I had a similar problem. I ended up uninstalling the app, and then redeeming the promo code, and the app now recognizes it. It's a temporary fix, but it works @ekstro. – A P Feb 02 '17 at 10:09
  • Do you have the app published (without in-app purchase) normally (not alpha/beta)? There seem to be issues if you don't. Don't ask me where I read this... – Dominikus K. Apr 11 '17 at 12:49
  • Seems you can refer to this : https://stackoverflow.com/questions/18613520/what-should-be-the-developer-payload-in-android-in-app-billing-v3-api – Jeff Bootsholz Jun 26 '17 at 04:59

1 Answer

5

This issue was opened on Google's android-play-billing samples repo. It looks like it was ignored for a long time and was eventually closed with this comment. In short, they have the following suggestions.


We reviewed our guidelines and internal APIs, and since the developerPayload is not supported across all features on In-App Billing API (including promocodes), we are removing the recommendation to use it as a security check.

As you can see in our documentation, on the page Implementing In-app Billing (https://developer.android.com/google/play/billing/billing_integrate.html) we've added a recommendation:

Caution: Don't use the developerPayload field for security validation purposes. This field isn't always available when completing tasks related to In-app Billing. For more information about security best practices, see the In-app Billing Security and Design guide.

Our recommendation is to validate on your own backend, using the Play Developer API.


Shashank Tomar
  • Thanks for the info, we have to use an "optString" method to return as a fallback value an empty string "" : p.setPayload(data.optString("developerPayload")); – Jorgesys Sep 05 '18 at 16:51
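
The answer's recommendation (validate on your own backend with the Play Developer API rather than trusting `developerPayload`) can look like the following. This is an added example, not code from the thread or from Google's samples. The function names, user names and sample tokens are hypothetical; the endpoint and the `purchaseState` / `purchaseType` fields are those of the API's `purchases.products.get` response.

```python
import json
import urllib.parse
import urllib.request

# purchases.products.get endpoint of the Play Developer API (v3)
API = ("https://androidpublisher.googleapis.com/androidpublisher/v3/applications/"
       "{pkg}/purchases/products/{sku}/tokens/{token}")

def fetch_product_purchase(pkg, sku, token, access_token):
    """Fetch the ProductPurchase resource. access_token is an OAuth2 token for a
    service account linked to the Play Console (obtaining it is assumed)."""
    q = urllib.parse.quote
    url = API.format(pkg=q(pkg, safe=""), sku=q(sku, safe=""), token=q(token, safe=""))
    req = urllib.request.Request(url, headers={"Authorization": "Bearer " + access_token})
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)

def decide(purchase, token, user_id, token_owner):
    """Return (grant, reason). developerPayload is never consulted: it is empty
    for promo-code redemptions. The purchase token is bound to the account that
    the backend authenticated, which replaces the payload check."""
    if purchase.get("purchaseState") != 0:   # 0 = purchased, 1 = canceled, 2 = pending
        return False, "not-purchased"
    owner = token_owner.setdefault(token, user_id)   # first claimant owns the token
    if owner != user_id:
        return False, "token-bound-to-other-account"
    # purchaseType is only set for non-standard flows: 0 = test, 1 = promo code
    kind = {0: "test", 1: "promo"}.get(purchase.get("purchaseType"), "standard")
    return True, kind

# Constructed sample responses (not real Play data), keyed by purchase token
SAMPLES = {
    "tok-card":   {"purchaseState": 0, "developerPayload": "user-42"},
    "tok-promo":  {"purchaseState": 0, "developerPayload": "", "purchaseType": 1},
    "tok-refund": {"purchaseState": 1, "developerPayload": "user-42"},
}

def run_samples():
    """Replay four constructed claims against one token-to-account store."""
    owners = {}
    claims = [("tok-card", "alice"), ("tok-promo", "alice"),
              ("tok-refund", "alice"), ("tok-promo", "mallory")]
    return [decide(SAMPLES[t], t, u, owners) for t, u in claims]

if __name__ == "__main__":
    for result in run_samples():
        print(result)
```

In production the `token_owner` mapping would live in the backend's database, and `fetch_product_purchase` would supply the `purchase` argument for each token the client submits.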