fake payment (getting invalid order id inside onProductPurchased()) #311
Comments
|
Is it a bug? Sounds like you can check that ID yourself and ignore if you don't find it to be valid. |
|
Hi Tony, Thank you for your response. Yes, it's a bug. Whenever control come to onProductPurchased(), i unlock the application (provide full access to the application) but some time i did not get payment, so it's a bug. |
|
Thats not a bug in the library, it has nothing to do with the order ids. So you need to handle that on your own |
Don't. Instead, check the order ID for validity. |
|
Hi serggl, |
|
This library is only a lightweight wrapper around Google's API. |
|
Thank you @serggl and @autonomousapps for your feedback. how to check order id for validity? can you please guide? |
|
I am having the same issues. onProductPurchased called several times but no orders in the Google play console. Hope there is a resolution to this. |
|
Hey guys. This may sound unwelcome, but what you need is a proper backend to validate these purchases. Maybe Firebase? You should send the info you get in onProductPurchased to your backend to validate with the Google API independently. I haven't personally used Firebase, but perhaps it could help with this. Either that, or suffer the occasionally "hacker" getting free products. |
|
Hi guys, Now, Fake payment happened with multiple users,So the owner of this library should check for solution. Thank You |
|
It is happening pretty frequent. Almost a few times each day so I am not quite sure if this is a bug or really a fake payment attempt. I hope the author can take a look and advise us. This is a great library. |
|
I can confirm this issue is also present in a large scale production app. Our backend rejects requests with "fake" (integer) order ids several times a day. I'm curious why this happens, but I don't believe it has anything to do with this library. |
|
We solved this issue by back end validation. |
|
@edcastrahul how you solve this issue?? |
|
Hey, https://stackoverflow.com/questions/33850864/how-to-verify-purchase-for-android-app-in-server-side-google-play-in-app-billin |
I want to report a bug
What is the current behavior?
When user purchase the application then control come to onProductPurchased() method.Inside this method i got order id from TransactionDetailsObject.purchaseInfo.purchaseData.orderId but some time i got order id that start with integer number like 8456*******.********* (but as per google - order id generally start with GPA.*..).Whenever this happened, we never got payment and also it not listed inside "Order Management" section on developer console.This is like a fake payment.
I am not able to repro this issue but it happened with some of users(Application is in live state)
So, please provide solution for that.
which version of library you use
compile 'com.anjlab.android.iab.v3:library:1.0.+'
was it working in previous versions?
no
do you use fragments or not
no
how do you instanciate
BillingProcessor(singleton or not)new BillingProcessor(this, null, this);
have you uploaded it to Google Play or not (if yes, when which channel: Prod/Beta/Alpha)
on Prod
do you test with real products, or with a testing onces (e.g.
android.test.purchased)with real product
The text was updated successfully, but these errors were encountered: