2

I want to design an offline payment method where the user can use the app for duration of the payment only. I want the payment duration to be reliable even though the user changes their phones time/date.

I've tried using AlarmManager to periodically update remaining payment counter. But this doesn't work when the user sets the date to the past, I've tried to listen to DATE_CHANGE broadcast. But that also doesn't get broadcast when the date is set to the past.

I want to know what is the right way of implementing this type of functionality. Any advice is highly appreciated.

edit 1

The app is designed for places that don't have reliable internet. So most of the time, the app is used offline. So, I can't assume there will be internet connection to check the correct time.

edit 2

time date set broadcast not firing in the past

ASOP issue

Community
  • 1
  • 1
fuadj
  • 434
  • 4
  • 10
  • Do not use comments for new information. Edit the question instead. Anyway have you considered using the the GPS as time source. AFAIK it is way harder to fake. – Robert Sep 03 '16 at 16:29
  • How can I reliably get correct time from GPS. And also, do I need to enable location to do it. What would happen if the user doesn't allow location for the app? – fuadj Sep 03 '16 at 16:32
  • They you do not allow the user to use your app? Anyway your concept doe snot make sense. If you have no connection how does the app knows at what time it is inside or outside of an "duration of the payment"? Anyway what do you want to achieve with such a limitation? – Robert Sep 03 '16 at 16:37
  • Thanks for the replays btw. The payment receipt is issued by our server. So when a user needs to pay a subscription fee, it will connect to the Internet. But that doesn't always happen. (e.g: the user can pay for a service that lasts for 2 months and use the app for the 2 months in offline mode, without any internet connectivity. When that period is up, the app needs to asks the user to re-new their subscription payment). – fuadj Sep 03 '16 at 16:40
  • Have you tried TIME_CHANGED Broadcast, it might also fire if only the date is set but I'm not sure – J j Sep 03 '16 at 16:41
  • @fuadj What you describe has nothing to do with payment, it is a time-restricted license. – Robert Sep 03 '16 at 16:44
  • I've updated my question regarding the broadcast, it is not being fired when the user "rewinds" the time. It is apparently a google bug – fuadj Sep 03 '16 at 16:45
  • Yes, our app service is on a time-restricted license. – fuadj Sep 03 '16 at 16:49

1 Answers1

3

To make it clear without Internet access there is no definite way to solve your problem. The only thing you can do is to monitor all time sources you have access to and compare them to detect manipulations (check regularly and record data).

This will not make it impossible to use the app after the license has expired but it makes it harder.

First time source: Device clock

You can monitor it in regularly, e.g. using a CountDownTimer in a service. Record the UTC time (without time zone) in your app and make sure it only increases and never decreases.

Second time source: GPS

See Sync Android devices via GPS time?

Third time source: Cell network

AFAIK at least some cell networks have an internal time. Not sure how and if you can access that on android.

Fourth time source: Internet

If you detect an active Internet connection get the time from a trusted time source.

Robert
  • 39,162
  • 17
  • 99
  • 152