Do the api's provided by Apple and Google make it possible for an app coder to get a list of all transactions for all users for an inapppurchase, or a list of all approved transactions?
Similarly, is it possible to get a list of all paying users who have made an inapppurchase?
Ideally, it would be great to do this without having to write native code (eg either using a cordova plugin or querying the app store using an http-based api).
Thanks.
On Android, it is possible to get a list of all transactions and their current state under 'Order Management' on the Google Play Console. For each transaction it provides the ID, date/time, item purchased, status, $ paid.
I haven't found comparable info for iOS. The only way to figure out about inAppPurchases is to query the app store regarding a single device (from that device).
If someone else knows a way to do what was requested in the original post, please post it.
There is an sdk/backend that is designed for this purpose, called revenuecat. It is a paid service.
Related
I've got an app which shows user's contacts inside device and allows him to make a call.
I want to show my user the last calls he has made. I was using READ_CALL_LOG permission (and was reading call log) until Google restricted access to it, then I switched to ContactsProvider to retrieve contacts and sort them by LAST_TIME_CONTACTED but now Google says this column is deprecated and effectively it will have 0 value for new versions of Android OS (see https://developer.android.com/guide/topics/providers/contacts-provider#ObsoleteData)
My app is not a default dialer (only default dialers apps are allowed to access call log) so I was wondering how I can achieve what I want in Google Policy compliant way.
I tought about storing the last contacts selected inside my own database (I know it won't be a full call log, as I will only have access to calls made from my app but that's fine for me), but don't know whether it's compliant with G Policy. I wrote an email to Google, however the person who replied said he can't help me with my question and I have to create new version of my app and ask them for review.
Does anyone know if my idea about saving contacts in my own database is compliant with G policy (please provide links from official sites). From my link (which I've provided above) I can only see that Google says
If your apps are accessing or updating these fields or APIs, use
alternative methods. For example, you can fulfill certain use cases by
using private content providers or other data stored within your app
or backend systems.
However it doesn't convince me to whether my idea is compliant
Thanks for help!
I believe you may store and use any user actions that had happened within your app.
The purpose of the policy (as stated here: https://support.google.com/googleplay/android-developer/answer/9047303?hl=en) is to prevent apps from getting access to the call-log in order to make use of it for purposes other then what users' expect, that's why the emphasis on critical core functionality of the app.
In my experience, different Google reviewers tend to review the same app very differently, and while one may reject a certain use-case based on this policy, another might approve it.
I would suggest phrasing the screen you want to create in a way that will help the reviewer understand that this data was not acquired from the call-log but some app specific actions, so for example instead of title "Call Log" which might confuse some reviewers with the risk of rejecting this update, you should title it "Recent app actions" or something like that.
I'm making a Cordova 4.0 Android app that will be sold in Google Play, and I would like to prevent illegal use of it (for example preventing someone to extract the APK from the system and re-distributing it).
One theoretical way of doing this would be by checking that when the app is launched by the user, he did actually download it from Google Play (versus being it sideloaded). I'm not even sure if this is possible or if there's an alternate way of doing something like this.
One way that works in other cases is to use require some sort of login when accessing the app, but in this case I can't do that. Any advice would be appreciated!
Google offers a way to implement validation / licensing:
http://developer.android.com/google/play/licensing/index.html
Take a look if this is what you need!
One suggestion would be for those apps which are get connected to a server to fetch some data.
App verification token
Generate an encoded 64-bit long token and store on both device & server as well. This will be a unique token per app
Whenever app tries to connect to server, it sends the device token details. Server needs to verify it before fulfilling its request.
On specific events, server can generate a new token for a device.
Same way, device token can be mapped to a user or an app on the server side.
Token could carry some app related information, for instance.
first 4 or 6 digits represent app size
second block of digits could represent user specific or device or some other details
Or another block could hold app contents modification date
In case of any change, server could verify the app size, last app contents modification dates, etc.
Generally it is recommended to uglify, obfuscate and minimize app resources before submission.
You can use the package manager class to determine the source of an app (only google or amazon currently detected)
You can similarly use google analytics which gives same information.
This is pretty neat since Android stores the source of every package, allowing apps to know where they came from, to prevent piracy and sideloading.
Great if you always publish to google or amazon. Useless if you sideload your app.
I'm searching for a tutorial or an explanation on how to remove advertisement in my application with in-app purchase?
I will put some ads with ad-mob in my app but I also want, that the user can disable the ads when he pays a little donation. Do you know a site or tutorial where I can find a step-by-step explanation how to do this?
Or do I need to publish 2 versions of my app? One with ads and one without ads for paying?
Don't use the SharedPreferences method because if the user flushes the app data or uninstalls/reinstalls your app their ad-free status will be lost.
A couple of ideas:
If your app has any kind of web based login or authorization, you can flag the user as having bought the ad free version by updating the web database's customer data and then disable ads in code following login and verification. This has the added benefit of following the user to new devices.
Use one of the several ways to get a unique device id, and store that in a web server database. On startup, query the DB to see if the device is ad-free. See Android Unique Device ID. This will only work for that particular device though.
The two apps approach is simple enough to get the job done too. :)
This presentation seems to explain an example and includes a link to source code at github:
http://gotocon.com/dl/2011/GeekNights/Tjen_penge_p%C3%A5_Android_ARH.pdf .
It stores the purchased upgrade at a sharedpreference.
However, I'm still looking for a more secure and robust solution that works out the use-case explained here:
http://vlingo-en.custhelp.com/app/answers/detail/a_id/1785/~/moving-in-app-purchase-(ad-removal)-to-new-android-phone/p/180
I have a few questions regarding android market(Google play). How can I list my published application by accessing from my google account? What I have done so far is using my application package name as a query string to search my application and display all information which I used android market api to do it. Is there another better way to display all my published or installed applications by accessing from my google accounts?
My second question is about detecting number of downloading and installations of my published application. I have found only google analytics so far(for free) which I need to embedded some codes to monitoring my application. Is it possible for me to access those information from android market publish page . I have found that publish page contains information that I need.
Edited: For second question, I would like to obtain statistical information without adding any new code to my application. Is it possible to provide only google account to grant the permission to get those information?
My application is published. If I am using google analytics to monitoring my application do I need to start my counting from zero?
Sorry for my English and my little knowledge about this.
Thanks in advance..
Edited: .. I have found an application, called "analytics" that is what exactly I want to do. But I still cannot figure it out how it works..
The only place you will find this kind of information is on your Developer page. That said, if I were wanting to do what you are, I would put up an app on App Engine that either parsed my Dev page on request, or on a schedule. I mention App Engine as personal preference here, you could obviously use anywhere you can host scripts on.
You can then do what you like with the data you have collected, and your app can request this from your site. Assuming you have no qualms with publicising these numbers, you wouldn't need to scare users by authenticating, and would just need a plain html request.
Edit:
In your language of choice, you would need to request your developer page (the one that lists apps and their install count) and would also need to authenticate as yourself to get it. It's for this reason I would use your own hosting if you can. I can't be more specific than this, as I don't know what language you're most likely to be using. It should be trivial to find out how to do an html request and step through the page in whatever language it is though. App Engine pages are written in Java or Python and deployed to the server, while other obvious options are PHP or Perl. On my own server I would most likely use Perl as it's ideal for ripping up html with regexps.
As Google stores your purchases of Android apps, I was wondering if they are somehow offering a webservice that can be used to check if a certain app has been purchased. To me this seems the most secure way of distinguishing free and paid users from within my app.
It would not only defeat piracy, but would also allow for managing a database of legally registered users, by a one-time check through this service.
What are your solutions to this matter?
Google provides a library for you. See here.
Note that this has been compromised in unprotected apps, so you should use something like ProGuard. The link above contains more information.
Finally, keep in mind that the Android Market is not the only app market for Android out there. Amazon has their own DRM.
At this particular moment there is one way to check.
The Android Market authenticates purchases through Google Checkout, but Google has not implemented the Checkout API to synchronize Market purchases. So calls like that check the status of an order do not work. Maybe Google doesn't want dev's to get a hold of customer emails? Either way, I do not know why it does not exist, it seems to me that if Google simply made this service available we could implement a far more superior security system that would better utilize the methods of obfuscation. As it is at the moment, a hacker can simply look for a specific class like the ILicenceService and hook it.
The only way at the current moment is to download a list of current purchases. You can do this using an authenticated http call. The drawbacks to doing this are pretty large though. First, the list it provides only extends back 31 days (so you've got to make sure you keep everything). Second, you would have to call and parse at least every ten minutes. Actually faster than that, most users want to play their games when they buy them. Third, if your service, or server goes down, that is precious information that is being requested almost instantly by your users.
I don't know how many dev's are currently utilizing this process, I considered it, but am just going to keep complaining to Google for a better method.
You could piggy back off of the LVL. I have just implemented a similar system.
Perform Check via LVL.
On success make a post to your own web server and store whatever details you need, i.e. DeviceID etc.
You could also perform checks to your own server even when the LVL check fails and allow things like trial periods etc.