I'm thinking about putting an half-developed app idea up on Indie GoGo (worldwide variant of Kickstarter) but am considering how to handle delivery.
I need to make sure that just the right people can get the app they pledge for, do you know if there's a way to bind certain users to an app so only they can download it? I was thinking of using the e-mail of their Google account since they need one anyway.
I would then upload the same app publicly for a higher price for everybody else once it's done. If this way isn't supported, do you know how other people have solved this?
I guess it will be hard to do. But I have some ideas that you can use:
First of all if you have emails of your subscribers then you can directly send them your app.
If you want to place your application on Google Play then it's more difficult. I hope the following approach can be used. You can create a stub for your application. This stub during the run will check if a user possesses with some purchased item. If he possess then you simply start your application (inside your application you can also put this type of checks to be more difficult to crack your application). If the user does not have this item you propose him to buy it. During this you check if the user is in your list. If he is then you select one price if not then another.
These are just my thoughts. I've never implemented something similar.
Related
Is there a way that you can track a user left a comment about your app at Play Store? What I'm looking for is to automatically detect it. I'd like my app to know whether the user actually left a comment or not. Something like a listener, but anyway I can use an external API if needed.
I don't think there's any official API to work with the Play Store.
There are, though, many unofficial APIs out there; This one seems promising, if it's up to date. You can use it to grab all the comments on your app, then use the AccountManager to get the user Google ID, and compare their ID with the commentors IDs to check whether they have left a comment or not.
I've seen this question: Android - how to check if in app purchase has already been done?
It is not very clear to me however. I am using the AndroidBillingLibrary, mentioned in the answer, and I have a couple of questions.
When using restoreTransactions(), does that mean that at that point the purchases are stored on the device itself? Couldn't that be manipulated somehow?
And what if I buy an item on an other device, how does the first device know this? Do I need to restore again?
Thanks in advance
For the first question, every purchase is managed with an ID, thus only managed items work with restoreTransactions(). Also, restoreTransactions() does not work for reserved Product IDs. Thus it is still safe.
Ideally you should call restoreTransactions() every time the app runs. The Key thing is that all transactions are paired with the device/user ID (not sure how Google handles authentication on their server side but I assume it is using a combination of your Google account as well as the phones that the Google account is paired to).
So, if someone were to modify the transaction file, it will get invalidated when it is compared to the logfile on Google's side.
Hope this clarifies things :)
I ask this question expecting the answer to be 'not possible', as I have attempted to research this already and found no fruit! I thought that I would give the community a chance to weigh in however.
I have a working in-app billing system, but what I want is to be able to provide a little extra bit of infomation with the billing request. Something that would show up in my market place stats.
My users have the option of buying several different levels of product (sort of a Base, Premium and Gold-Star sort of thing). When they purchase the product they provide me with a string that represents the specific thing they want the product about (such as the house number and postcode if the product was about a house).
What I want is to be able to see that extra bit of information in my market place reports, so when I see someone who has requested a refund I can see on what exact item they purchased the product. I have looked at the DEVELOPER_PAYLOAD but I don't think that it will do what I want.
If I can't find a solution this way then I will end up performing a service call and storing the data myself, but I thought I would ask you guys first!
Sorry for being vague about my app and the products it returns but I don't want to expose my app yet (plus it holds no bearing on the question!).
EDIT
Now that I have added a bounty I would like to limit the answers. As I mentioned in my original question my backup plan will me a service call to my system registering the google reference and "data packet" for the purchase.
What I am most interested in is a way to do this where my information would end up in the my market place reports. For instance, if you were to offer a physical item with your in app purchase, how would a user record shipping instructions/etc. There is a place for this in the market reports, so surely there is a way to add the data?
You can certainly use DEVELOPER_PAYLOAD for this. However, Google doesn't process it in anyway and it won't show up in reports (not sure if they store it at all). So what you need to do is send transaction info (the JSON string you receive) to your own sever, parse it and store/process/whatever the developerPayload. You can combine this with signature verification and transaction reporting if you want to. One thing to beware of is that the size is limited to 512 bytes. If you send a request with a longer string, the whole transaction will fail, and the error message is not friendly at all ('IAB-DPTL' or some such).
Of course if you need more that this, you can simply build your own webservice and send whatever data you want. If it includes personal info, etc. make sure you let people know about it and/or they can turn it off.
In order to see this in the report, assuming you have a limited set of "dynamic" data, you would probably have to create a different set of in-app items per each "item" in your game.
Then, of course, you let the game handle which list the user sees according to the "dynamic" data.
That's the only way you would see it in the reports without your own web service handling it.
For those that may find this question via Google!
It seems that the easy answer to my question is NO. You can not add extra information to your market stats with regards to in app purchases.
As I mentioned in my question (and some answers said) the work around would be to upload the transaction string to your server and then compare it to market stats yourself (using the export function from the market perhaps).
I now intend to write a system to extract market stats (likely from the csv download feature) and match it up to the strings from the IAPs. If I ever get around to writing it I will share it with the community.
I would like to use in-app billing in my android application (instead of creation 2 versions of application - free and pro). If user paid, then additional options in Preferences should be available.
My application synchronizes data with website (not my).
Each time synchronization happens, I would like to check if user paid or not.
How should I do it?
I think the easiest means for you would be to use Managed purchase. More on it is at http://developer.android.com/guide/market/billing/billing_admin.html#billing-purchase-type
The "manage by user account" purchase
type is useful if you are selling
items such as game levels or
application features. These items are
not transient and usually need to be
restored whenever a user reinstalls
your application, wipes the data on
their device, or installs your
application on a new device.
Update: website and API updated refer this now https://developer.android.com/google/play/billing/api.html
There are to many ways to do that, i will try and give you some of the most used
what about user accounts? can your application support users? if it does, its practically solved with 1 user per 1 account. just add a flag to your DB for each user. this is the most secure way, its very easy to know if someone is stealing from you thats why all MMO's (like WOW) use this type of check. you can easily know if theres more then one user on an account as well
the downside is that it requires more processing and some support is case someone's account gets stolen or other user support of that kind.
you can save a sort of key inside your application. and some other key on the server. if the key matches (either 1 to 1 or after some manipulation) then you have yourself a paid user, other you dont.when someone buys the application then change the key on the device.
just do what you dont want to do and have 2 applications for free and paid it will probably be less work then the other 2 list above.
there are many ways of doing what you want. but i'll tell you this:
most applications use method 2 but on the opposite direction, meaning serial key.
i dont think your gonna create an mmo so theres no need for option 1 unless you really dont want anyone hacking your application (which i assume no matter what you do it will be hacked in todays world. i'll advice you to trust those who pay and accept those who dont)
method 3 is just easy in my opinion especialy when you want to just remove menu options, but it also creates duplicate repositories for code.
good luck. what ever you decide is good, make a theft protection, if someone wants to steal it, they will, dont fight it (even PS3 got hacked in the end)
As Google stores your purchases of Android apps, I was wondering if they are somehow offering a webservice that can be used to check if a certain app has been purchased. To me this seems the most secure way of distinguishing free and paid users from within my app.
It would not only defeat piracy, but would also allow for managing a database of legally registered users, by a one-time check through this service.
What are your solutions to this matter?
Google provides a library for you. See here.
Note that this has been compromised in unprotected apps, so you should use something like ProGuard. The link above contains more information.
Finally, keep in mind that the Android Market is not the only app market for Android out there. Amazon has their own DRM.
At this particular moment there is one way to check.
The Android Market authenticates purchases through Google Checkout, but Google has not implemented the Checkout API to synchronize Market purchases. So calls like that check the status of an order do not work. Maybe Google doesn't want dev's to get a hold of customer emails? Either way, I do not know why it does not exist, it seems to me that if Google simply made this service available we could implement a far more superior security system that would better utilize the methods of obfuscation. As it is at the moment, a hacker can simply look for a specific class like the ILicenceService and hook it.
The only way at the current moment is to download a list of current purchases. You can do this using an authenticated http call. The drawbacks to doing this are pretty large though. First, the list it provides only extends back 31 days (so you've got to make sure you keep everything). Second, you would have to call and parse at least every ten minutes. Actually faster than that, most users want to play their games when they buy them. Third, if your service, or server goes down, that is precious information that is being requested almost instantly by your users.
I don't know how many dev's are currently utilizing this process, I considered it, but am just going to keep complaining to Google for a better method.
You could piggy back off of the LVL. I have just implemented a similar system.
Perform Check via LVL.
On success make a post to your own web server and store whatever details you need, i.e. DeviceID etc.
You could also perform checks to your own server even when the LVL check fails and allow things like trial periods etc.