Reputation: 3337
Android in-app purchase: are developer payload and nonce negligible for an app with no accounts, no subscriptions, no downloads?
My app just has a in app purchase for full license. It has no subscriptions, no downloads of items from any server. The license purchase is performed just one time and accounts are not managed so just the Google account is relevant. The Google account is the user. I am pointing all this out because I have strongly protected the private key and the sku name and deem it is enough for my app.
Is strongly protecting the private key and the sku name enough for an app like mine? I think it is enough: no developer payload (no accounts) or nonce (no replay attacks) are needed. Am I right or wrong?
Upvotes: 0
Views: 208
Answers (1)
Reputation: 575
Might be good idea to implement android's own licensing as it will save you many troubles and will let you have better track of the licenses your customers have adquired, check this out:
http://developer.android.com/google/play/licensing/index.html
It also explains best practices, and takes on the subject of ofuscation to patch up your data security.
Upvotes: 0
Related Questions
- Verifying android in app purchase using developer payload
- Why is it important to set the developer payload with in-app billing?
- What will happen if leave "developer payload" as blank Google Play In-app Billing
- developer payload
- Testing Android In-App purchases with unpublished apps
- Android in-app billing developer payload
- Android In-app Purchase Fees
- Android App purchase clarification
- Android InApp Billing - what are really nonces for?
- Android in-app billing: what is the "developer payload" and how the "Buy" button works?