jberkel / pay-me Goto Github PK

Are you interested in a contribution which converts this to a gradle project and allows for publishing (exclusively) as an aar?

I just got an email from Google Play regarding the In-Ap-Billing API v3:

Hello,

If you previously used the In-app billing sample code to build your in-app billing 
system, please use the recently-updated sample code as it addresses an 
exploitable flaw we recently discovered (note that this only affects the helper sample 
code; the core system and in-app billing service itself was not affected).

The affected applications are those that use the in-app billing sample library 
(specifically, the IabHelper and the Security classes in the util directory of the in-app 
billing V3 sample) and do not perform server-side verification.

An update to the sample and library that fixes this vulnerability is now available at 
code.google.com/p/marketbilling and also through the Android SDK Manager.

To apply the security update:

1. Download the updated source code for the in-app billing sample and library from 
the Android SDK Manager, which is part of the Android SDK. The in-app billing 
package is located under Extras -> Google Play Billing Library. Make sure to update 
to Revision 5. (or, alternatively, download the updated source code from the public 
repository at code.google.com/p/marketbilling).

2. Merge the new code for IabHelper.java and Security.java into your application, 
replacing the existing code.

If you prefer to apply the code changes manually, you can browse the diff at 
https://code.google.com/p/marketbilling/source/detail?
r=7bc191a004483a1034b758e1df0bda062088d840 and merge the modifications into 
the appropriate parts of your code.

Thank you for your continued support of Google Play.

Regards,
The Google Play Team

Hi jberkel, thank you very much for the code.

You are using SharedPreferences for storing the purchase status in your code sample. Of course it's not really save and you're right, when you advice to store the information in a different way. But the main problem of a "local check only" is, that the status will be reset, in case the user either reinstalls the app or uses multiple devices. What about a double check by using google billingservices? I'll try to make it clear with the following pseudo code:

bool IsPro = GetValueFromSharedPreferences();
if(IsPro)
IsPro = TryGetIsPro();

private bool TryGetIsPro(){
//request google billingservice
//if(response == requestfailed (e.g. internet connection not available || response == purchased))
return true;
return false;
}

Would it be a reasonable approach? How would the implementation look like in this case?

Thanks!

Google finally released an official billing library that removes the pain of integrating Google Play Billing in to an app, which makes pay-me obsolete now. I think README should inform potential new users about this so that they use the official library instead in their new projects.

Hey there,

Good job on the library!

A few of my users experience the following error: "Can't start async operation (launchPurchaseFlow) because another async operation(refresh inventory) is in progress"

Is this expected behavior? How am I supposed to work around this? Can I put operations in a queue?

Can you make the library an aar instead of apk-lib? Or maybe with a suffix @aar. The way it is at the moment, Android Studio is not supported at all, which makes it quite hard to maintain this dependency.