Key Points of In-App Purchasing Technology for Android

Apr 13, 201322

AI Translation

This post is translated from Chinese into English through AI.View Original

AI-generated summary

This article discusses the key points of in-app purchase technology for Android applications. It mentions that the current version supports managed and subscription products. Managed products can be consumed and repurchased, while subscriptions are used for monthly or yearly subscriptions. The article also explains the steps to upload a signed APK to Google, set up managed products and subscriptions, and set prices and descriptions. It advises setting up test accounts that are different from the actual accounts for testing purposes. The article also mentions the need to include the public key from the APK publishing console in the security.java file. It emphasizes the importance of encrypting the public key or retrieving it from a server to enhance security. The use of payload for verification and to prevent middleman attacks is also recommended.

1 Currently using version 3.0, supporting managed and subscription.

2 Managed products support consumption, can be repurchased after consumption, and can also be used for one-time purchases. Handle the logic in your own code. Subscriptions are used for monthly or yearly subscriptions.

3 First, upload the signed APK to Google, create managed products and subscriptions, set prices, descriptions, and other information.

4 In the publishing console, set up test accounts. The test account cannot be the same as the published account, otherwise it cannot be purchased.

5 Obtain the public key of this APK from the APK publishing console and paste it into security.java in the APK.

6 Rebuild and upload the signed APK to the publishing console, and run the APK that has been signed with the same publishing certificate to test successfully. Otherwise, an error will occur: "this version of the application is not enabled for in-app billing."

7 Security recommendation: Do not display your public key in plaintext in the APK. At least encrypt it or obtain it from your server. Use payload to verify the responses during the purchase process to avoid man-in-the-middle attacks.