Android的应用内计费安全问题?安全问题、Android
在我们努力设计应用程式内计费的Android应用,我们提出了以下方案;
During our efforts to design InApp Billing for our Android App, we came up with the following scenario;
客户已经根深蒂固/可操作的设备(所以市场应用+我的应用程序不能被信任)客户购买一个产品求购状态0(购买)是发送到我们的后台(所有检查和确定),我们给予学分。的购买客户退款客户一直操纵我们的应用程序或应用程序市场局部确认退款,从而$ P $ pvent的退款通知,以达到我们的后台服务器。这是情况可能吗?我们如何解决这个问题?
Is this scenario possible? How can we fix this?
推荐答案
首先:如果用户要求退款,还收到一封电子邮件。
First: if the user asks for a refund you receive also an email.
第二:在应用内结算的购买并不由用户直接退还。如果用户想要退款,他必须与您联系,这时你可以手动进行与谷歌钱包账户退还。
Second: the purchases on in-app billing are not refundable directly by the user. If a user wants a refund, he must contact you and then you can proceed manually to refund with your google wallet account.
所以我认为您的方案尼夫发生。
So i think that your scenario neve happen.
其次如果可能的话,我建议你,如果用户要求退款使用托管的购买,在这种情况下,谷歌电子市场会记住它,你可以使用一个RESTORE_TRANSACTION检查是否一些退款发生(但再次:你必须授予退款)。
Secondly if possible i suggest you to use managed purchases, in that case if the user asks for a refund, google market will remember it, and you can use a RESTORE_TRANSACTION to check if some refunds occurred (but again: you must grant a refund).
