Sorry your browser is not supported!

So I managed to get iap working with google play but am having a few issues with it.

once a purchase has been made are you suppose to create a save file to let your app know its registered? This sounds very hack able....

Secondly when its reinstalled at a later date what is the best way to verify that its already been purchased and not run people through the same purchase windows to register again?

my code to setup the store:



2 questions about my code above...

my 3 purchase options... should those be reporting "1" if its been purchased? as they don't seem to work for me.

secondly those 3 purchase checks.... do you need an online connection for those to work? or does it make a secure save file saying the app was purchased? Or again do I make one which sounds very hack able.

I have no idea. But good questions I am considering using IAP to unlock the full game of RTA. Download it for free and then ask the user to pay for it inside the game.

Took me a while to find it, but I was certain I had asked this question before. Here's the post, its got an excellent write up from xCept...

http://forum.thegamecreators.com/?m=forum_view&t=205408&b=41

I would imagine the answer is 'yes'. I suspect that the command is actually querying the Google system. But I am not 100% sure, not having used the commands, yet.

ok so the best option is to setup a save file to check and see if it was already purchased then.

its a bummer needing to create a save file but it seems like the best option to do so the game users dont need to have an online connection after the games been purchased.


also fyi:

-using googles testing accounts work~1 to 2 hrs after setting it.
-secondly you cannot test without signing the apk and with your 64bin key from google play.
-third you need a second gmail account to test purchase.

thanks everyone!

Who owns a smart phone and doesn't have an online connection at all? If it's only to check if something was purchased or not, then that shouldn't take long.

What if I'm on a plane and really want to play RTA

I didn't think of areas where you can't get online

also its mostly tablets that don't have an online connection at all times... so I think creating the save file once purchasing is my best option.

Do you have a general data file that saves all of the game information like levels completed, scores, etc? If so I'd suggest implementing some xor encryption on that file, store the key in your bytecode, and then you can simply set a flag for the purchases. Still hackable, but fairly difficult.
Since AppGameKit won't provide you with the receipt number from Google IAP or iOS IAP you need to rely on your own methods for making a unique code for each purchase.

I don't think you're meant to check for purchase restoration unless the app has been uninstalled. Otherwise it seems like you're calling the IAP API every time the app loads just to confirm a purchase and it might lead to some odd interruptions in game flow. For instance if they can't connect to the internet as is your concern.

Another method is this:
When the user installs the app create a random string or just a few characters and store that somewhere (say the string is "nottaFoo").
When a purchase is made to unlock content then take the IAP product ID string and salt it with your random string. For example, your IAP product ID is "fullgame_unlock" after salting it you'll have "notfullgameta_unlockfoo". Then hash it with SHA1. Now store it in a separate file as your verification code.
You now have "nottaFoo" stored somewhere and you know how you've salted the IAP product ID so you can reproduce that SHA1 verification code.
It will only work for each specific installation of the app since "nottaFoo" is randomly generated. It will be really tough to crack since it's SHA1 and you're salting it with a random string. You could even go further and salt that SHA1 with a specific code and hash it again. If you can store "nottaFoo" in a file with your own xor encryption then it becomes even more difficult to hack. You can add layers on this method until you're satisfied with the level of encryption and hashing. Note that if the user uninstalls the app then they will have to go through the purchase restoration to obtain content access again.

I use a similar, but more convoluted, method to store passwords in our database. I've tried reversing the SHA1 but it seems like that is fairly impossible from the sites I've tried "decrypting" it with. SHA1 with salt is the best way to go in my opinion.

I hope this helps.