如何安全地管理外部服务器上的应用内结算交易?
我正在尝试实现一个系统,使用“托管”购买和应用内计费来升级/解锁应用程序的各种功能,但由于缺乏深入的文档或示例,我陷入了困境。
我的应用程序的目的是从我自己的服务器检索/解析和显示数据,以及 http:// developer.android.com/guide/market/billing/billing_best_practices.html 指出:
如果您使用远程服务器来交付或管理内容,请让您的应用程序在用户访问内容时验证解锁内容的购买状态。
我的问题是,就实际工作流程而言,解决此问题的最佳方法是什么?
据我所知,成功购买后,我会将购买信息存储在我的服务器上以及本地应用程序中。当应用程序运行时,我会将订单 ID 发送到我的服务器,服务器将检查订单是否有效(首先检查订单是否存在于我的服务器数据库中,然后检查我是否没有手动撤销订单)无论什么原因)。
如果验证通过,服务器将向应用程序发送请求的功能已“许可”的响应,并且应用程序将向用户提供解锁的功能/内容。
我可以看到的明显问题是:
- root 用户可以轻松地更改本地应用程序的 SQLITE 数据库(或我用来存储订单信息的任何其他方法)以注入有效的订单 ID。
- 如果网络访问中断,或者我的服务器宕机,我仍然希望应用程序能够运行(使用缓存数据)并具有用户购买的所有功能。
我看到的解决第一个问题的潜在方法包括发送某种带有验证请求的设备标识符,并在我的服务器端进行监控 - 如果大量设备在短时间内访问该订单,则撤销该订单。
对于第二个问题,我无法找到适当的解决方案。我最初以为每次验证成功后,都会存储这次验证发生的时间。然后,该应用程序将继续以解锁的功能运行,例如,在上次成功验证后 48 小时内。问题是,如何安全地存储这个时间值?同样,获得 root 权限的用户可以简单地更改该值,而应用程序将不会受到任何影响。
有没有人设计过基于服务器的系统来管理应用内计费购买并可以提供一些建议?
I'm attempting to implement a system for upgrading/unlocking various features of my app using "managed" purchases with in-app billing, and I'm getting bogged down by the lack of in-depth documentation or examples.
My app's purpose is to retrieve/parse and display data from my own server, and the documentation on http://developer.android.com/guide/market/billing/billing_best_practices.html states:
If you are using a remote server to deliver or manage content, have your application verify the purchase state of the unlocked content whenever a user accesses the content.
My question is, what is the best way to go about this in terms of actual workflow?
As far as I can tell, on successful purchase I would store the purchase information on my server as well as locally in the app. When the app runs, I would send the order ID to my server and the server would check to see if the order is valid (firstly checking that the order exists in my server's database, and secondly checking if I have not manually revoked the order for whatever reason).
If that is verified, the server would send a response to the app that the requested features are "licensed", and the app would provide the unlocked features/content to the user.
The obvious problems I can see with this are:
- A rooted user could easily just alter the local app's SQLITE database (or whatever other method I use to store order information) to inject a valid order ID.
- If network access is down, or my server is down, I still want the app to be able to run (with cached data) with all the user's purchased features.
Potential ways around the first problem that I can see involve sending some sort of device identifier with the verification request, and monitoring that at my server's end - revoking the order if a large number of devices are accessing the order in a short period of time.
For the second problem, I can't figure out an adequate solution. I initially thought that each time the verification is successful, the time this verification took place would be stored. Then, the app would continue to run with the unlocked features for say, 48 hours after the last successful verification. The issue with that is, how can I securely store this time value? Again, rooted users could simply alter the value and the app would be none-the-wiser.
Has anyone designed a server-based system for managing in-app billing purchases and can offer some suggestions?
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
Google 许可提供了一种允许缓存的“您的许可证有效”响应保持活动状态的方法。
应用程序许可
您还可以加密您存储的数据。如果他们已经付费,他们就可以解密它。如果没有可用的网络访问,则实施与应用程序许可类似的缓存方案(当前根据 Apache 许可证版本 2.0 进行许可)。
Google Licensing provides a way to allow a cached 'You're license is valid' response to stay alive.
Application Licensing
You can also encrypt the data your are storing. If they have paid for it, they get to decrypt it. If no network access available, then implement a similar caching scheme as Application Licensing (currently licensed under the Apache License, Version 2.0).