libgdx / gdx-pay

A libGDX cross-platform API for InApp purchasing.
Apache License 2.0

Storing purchase state #155

Closed amitkot closed 5 years ago

amitkot commented 6 years ago

Moving the discussion here from #154 part (1).

> You have to store the purchase state in the app in a way that it is obfuscated / hard to reverse engineer. For Android this is more important than it is for iOS; apps will appear on APK download sites (making reverse engineering easy), not yet seen that for iOS apps.

So I gave this some thought and one possible solution for this might be to get some unique ID of the client and persist it when a purchase has been performed.

Couldn't find a unique ID that fitted this requirement. Can we get some client ID from the Google App store IAB service for that?

keesvandieren commented 5 years ago

We just store it in a Google Play preference so far. If anyone comes up with a better solution, just comment on the issue.

j3nda commented 5 years ago

well, we're encrypting it. so
1) store it as a string in prefs (~which is created from: item.getSku() ~ uniqueID separated by ",")
2) and called on it: beforeSave and afterLoad, e.g.: SecurityUtils.encryptEncodeBase64()
2.1) yes, I know, it's now silly - but the mechanism is there, and we can easily replace it with some more complex encryption technique.
2.1.1) and yes, it's also to do some reverse-engineering to solve e.g. the password for encryption. (for us, it's enough to have it on stand-alone iap)

3) we need to take care about server-side in-app-purchases and whole communication (so, I've this task as todo now!) because we're making a multiplayer rts and the server MUST know about player's iap(s)!
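The beforeSave/afterLoad mechanism described in the comment above, as an added example that is not code from this thread or from gdx-pay. `PurchaseStateCodec` and its methods are hypothetical names, AES-GCM stands in for the `SecurityUtils.encryptEncodeBase64()` call whose implementation the page does not show, and the uniqueID is assumed to be a random per-install UUID. The key ships inside the app, so it remains recoverable by reverse engineering, as the comment itself notes.

```java
import javax.crypto.Cipher;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.SecureRandom;
import java.util.Arrays;
import java.util.Base64;

// Added example with hypothetical names; plain Java SE (java.util.Base64), not gdx-pay code.
public class PurchaseStateCodec {
    private static final int IV_LEN = 12, TAG_BITS = 128;
    private final SecretKeySpec key;
    public PurchaseStateCodec(byte[] key16) { this.key = new SecretKeySpec(key16, "AES"); }
    // beforeSave: "sku,uniqueId" -> Base64(iv || ciphertext || GCM tag), fresh IV per save
    public String beforeSave(String sku, String uniqueId) throws GeneralSecurityException {
        byte[] iv = new byte[IV_LEN];
        new SecureRandom().nextBytes(iv);
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.ENCRYPT_MODE, key, new GCMParameterSpec(TAG_BITS, iv));
        byte[] ct = c.doFinal((sku + "," + uniqueId).getBytes(StandardCharsets.UTF_8));
        byte[] out = Arrays.copyOf(iv, IV_LEN + ct.length);
        System.arraycopy(ct, 0, out, IV_LEN, ct.length);
        return Base64.getEncoder().encodeToString(out);
    }
    // afterLoad: returns the SKU, or null when the value was edited or carries another uniqueId
    public String afterLoad(String stored, String expectedUniqueId) {
        try {
            byte[] in = Base64.getDecoder().decode(stored);
            if (in.length < IV_LEN + TAG_BITS / 8) return null;
            Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
            c.init(Cipher.DECRYPT_MODE, key, new GCMParameterSpec(TAG_BITS, in, 0, IV_LEN));
            String plain = new String(c.doFinal(in, IV_LEN, in.length - IV_LEN), StandardCharsets.UTF_8);
            int comma = plain.indexOf(',');
            if (comma < 0 || !plain.substring(comma + 1).equals(expectedUniqueId)) return null;
            return plain.substring(0, comma);
        } catch (GeneralSecurityException | IllegalArgumentException e) {
            return null; // malformed Base64 or failed GCM authentication tag
        }
    }
    public static void main(String[] args) throws Exception {
        // Constructed sample values: a 16-byte key embedded in the app and a per-install ID.
        PurchaseStateCodec codec = new PurchaseStateCodec("0123456789abcdef".getBytes(StandardCharsets.UTF_8));
        String installId = java.util.UUID.randomUUID().toString();
        String pref = codec.beforeSave("remove_ads", installId);
        System.out.println(codec.afterLoad(pref, installId));       // same install
        System.out.println(codec.afterLoad(pref, "other-install")); // value copied from another install
        String edited = pref.substring(0, 20) + (pref.charAt(20) == 'A' ? 'B' : 'A') + pref.substring(21);
        System.out.println(codec.afterLoad(edited, installId));     // one character changed in prefs
    }
}
```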

MrStahlfelge commented 5 years ago

I store it in a similar manner in my app. What server-side technology will you use?

j3nda commented 5 years ago

> What server-side technology will you use?

ideally this one: https://github.com/libgdx/gdx-pay/tree/master/gdx-pay-server but it isn't done, so we're planning to fork it, develop, test and merge. (we're in phase (1) so, we need to implement stand-alone app iap(s) and then I will have time and focus to do this one) if u want to discuss it deeper (~on server side, just write me on fb: searchFor: "i.like.tekk")

fyi: I'm doing this rts game in my spare time. if u're interested, check it:
yt: https://www.youtube.com/channel/UCEpamceiLz1OK9yHZQZVU8A
fb: https://www.facebook.com/gulathegame

MrStahlfelge commented 5 years ago

Sorry, I don't use fb at all. ;)

So you are using a Java powered backend?

j3nda commented 5 years ago

yes.
server: tomcat + ksoap2 + mariaDB => wsdl (easy writing)
client: android+libgdx+ksoap2
(so it's a typical client/server app inc. network communication)