[ANDROID] Google Play API Action required -> are plugin users affected?

[Defcon0]

system info

Ubuntu 16.04, plugin version 7.1.2, cordova 7.1, cordova android 6.3

Hello,

today I got the email from the attachment from google, telling that I‘m not using the latest Google Play Developer API, which is 3.

Is this connected to this plugin?

Thanks in advance.

Bye Defcon0

[Dexus]

Update your Android Studio (Google) SDKs?

I'm currently not sure if this is related to this plugin, but so far - i would update first all SDKs especially for older apps.

Regards, Josef

[Dexus]

But I don't think it has to do with the plugin and the SDKs, but with NodeJS modules or other modules that are used on the server side. At least that's how I would see it.

[Defcon0]

In the first paragraph after the bold „action required“ they say something about client libraries, no? Doesn‘t this plugin use the client google play billing API?

[Dexus]

@Defcon0 do you run your own validation server?

I did not get this mail if it was a mail - yet so maybe it is because i use the last version always of all sdks and clients on server side.

If yes, update the client! Or wait for @j3k0 answer.

[j3k0]

This has to do with server-side API. By client API they mean a server-side client API (a client to Google's REST API).

[mrahmadt]

Hello

I'm just testing j3k0/cordova-plugin-purchase plugin and Play Store Developer console started showing a warning recently about this issue

We’ve detected that your app is using an old version of the Google Play Developer API. From December 1 2019, versions 1 and 2 of this API will no longer be available. Update to version 3 before this date.

I don't use any server-side client or anything at all, the only thing I did was to use the examples from j3k0/cordova-plugin-purchase documentation.

https://android-developers.googleblog.com/2019/03/changes-to-google-play-developer-api.html

[geshub]

Could we reopen this, I also got the warning in my Google Play console ?

[j3k0]

I rewrote the Android code using the new API.

The PR: https://github.com/j3k0/cordova-plugin-purchase/pull/910

Please test, confirm that it works or report bugs! Thanks.

[Defcon0]

Thanks for your work! Are there any breaking changes from v7.1 to the upcoming v9 to the plugins API? In other words: will I need to change my code after upgrading your plugin?

[j3k0]

It's backward compatible, as long as you are following the API specs.

Call to .finish() was a no-op on Android for everything but consumables. It's now absolutely required: purchases need to be acknowledged. product.finish() will do the acknowledgment when required. I don't think it's a breaking change, since calling product.finish() was already a specified in the API as required.

A noticeable change will be about attaching developerPayload to purchases. It used to be something done when placing the order (store.order({ developerPayload })), but now it's something to be done when either consuming or acknowledging a purchase.

The reason is that it is now possible to purchase subscriptions and products outside the app (from Google Play) so developerPayload will have to be set differently, either by doing .finish({ developerPayload: "..." }) or by setting a property like store.androidDeveloperPayload = "...".

It's not supported in this PR so far, but I'm working on it.

[geshub]

I rewrote the Android code using the new API.

The PR: #910

Please test, confirm that it works or report bugs! Thanks.

@j3k0 Just tested the PR on Android and IOS and purchases are working ok for my APP, I'll try it in production now and see if it's resolve the warning in the Google play console. Are you going to push a new release soon ? Thanks for your hard work !

[mifkys]

@j3k0 any news on this issue? Can we use 9.0 branch?

[rafaellop]

@j3k0 I've published an updated versions of my app using the cordova purchase 9.0.0 version and Google still complains in the Play Console that my app uses obsolete Google Play Developer API . Can you guys advice? I would like to avoid a situation and probably the rest of us that none of apps is verifiying purchases against servers and disable paid features in the users app copies. In the #910 commit @j3k0 writes that the plugin is updated to be using v2 version, but Google requires v3.

[geshub]

@rafaellop Does your app use other plugins like cordova-support-google-services that could also trigger the notice ?

[rafaellop]

I have several different plugins and some of them uses the services of course which is quite common. However I've got the cordova-play-services-version-adapter which makes life easier for the mess regarding the services library. I've checked the ./platforms/android/project.properties file and there are these entries:

cordova.system.library.1=com.google.android.gms:play-services-base:11.0.4
cordova.system.library.2=com.google.android.gms:play-services-ads:11.0.4
cordova.system.library.3=com.google.android.gms:play-services-drive:11.0.4
cordova.system.library.4=com.android.support:support-v4:26.1.0+
**cordova.system.library.5=com.android.billingclient:billing:2.0.3**
cordova.system.library.6=com.android.support:support-v4:24.1.1+

I suppose the issue is rather with the entry no 5 than the play-services.

[geshub]

@rafaellop v2.0.3 of the client api seems to be the last one released.

[rafaellop]

Would it be possible that Google reports the problem with the API because of the code used on my backend? I call the Google API to verify a purchase using such a link: https://www.googleapis.com/androidpublisher/v1.1/applications and oauth: https://accounts.google.com/o/oauth2/token

[mifkys]

I think my problem was in old in-app-purchase package for node backend. I just updated it to latest version with v3 support. Let's see what will be changed

[rafaellop]

I'm pretty sure that the reason of the Google Play warning message is the API url mentioned above which I use in the backend, but if any plugin at the client side calls the *.googleapis.* URL then it is rather to blame and checking.

Do you guys think it would be enough just to change the v1.1 part of the URL to v3? There's no magic in the backend IAP verifier. It just uses the CURL from PHP to call this URLs with different parameters for different apps and decode the response receipt.

[rafaellop]

OK, I've updated my backend script which used the v1.1 API. Depending on the script complicity it's pretty simple. In my case it was just changing the URLs to be as required by v3. The json returned from the v3 API is slightly different than v1 and v2 so it also must be changed. Here's a brief summary of changes I needed in my backend so if you plan to migrate to v3 maybe the info will be also useful.

SUBSCRIPTIONS: old API URL: https://www.googleapis.com/androidpublisher/v1.1/applications/$android_bid/subscriptions/$pid/purchases/$receipt

new API URL: https://www.googleapis.com/androidpublisher/v3/applications/$android_bid/purchases/subscriptions/$pid/tokens/$receipt

IN-APP PRODUCTS: old API URL: https://www.googleapis.com/androidpublisher/v1.1/applications/$android_bid/inapp/$pid/purchases/$receipt

new API URL: https://www.googleapis.com/androidpublisher/v3/applications/$android_bid/purchases/products/$pid/tokens/$receipt

Additional changes are required by the new response from the API. I use the kind property to distinguish between subscription and inappproduct and the expiration information.

The kind property exists in both v1 and v3 json responses. The value for subscriptions is the same for v3 and v1 and it is androidpublisher#subscriptionPurchase. For inapp products the value of the property is different. Now for v3 it is androidpublisher#productPurchase while in v1 it's been androidpublisher#inappPurchase.

The last change I needed to include is the expiration time for subscriptions. In the v1 the API response returned property validUntilTimestampMsec which in v3 is renamed to expiryTimeMillis. The value is the same in both cases and it is expiration time in miliseconds.

The API response may different in other places so if you use other fields during your verification process please consult the documentation:

v1 and v2 docs: https://developers.google.com/android-publisher/archive/v1_1

v3 docs: https://developers.google.com/android-publisher/api-ref/purchases/subscriptions/get

Responses for susbcriptions in v1: https://developers.google.com/android-publisher/archive/v1_1/purchases#resource

Responses for susbcriptions in v3: https://developers.google.com/android-publisher/api-ref/purchases/subscriptions#resource

Thanks @geshub for your interest. It made me think :)

[stale[bot]]

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.