Android In-App Billing @ Barcelona GTUG

2,716 views
2,553 views

Published on

Published in: Technology, Economy & Finance
0 Comments
7 Likes
Statistics
Notes
  • Be the first to comment

No Downloads
Views
Total views
2,716
On SlideShare
0
From Embeds
0
Number of Embeds
1
Actions
Shares
0
Downloads
0
Comments
0
Likes
7
Embeds 0
No embeds

No notes for slide
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • Android In-App Billing @ Barcelona GTUG

    1. 1. Android In-App Billing Demystified
    2. 2. Agenda• In-App Billing Overview• In-App Billing in Android• Android Market Billing Service• Android Billing Library• Administering & Testing In-App Billing• Security Best Practices
    3. 3. Freemium
    4. 4. Digital goods
    5. 5. Digital content
    6. 6. Subscriptions
    7. 7. Virtual currency
    8. 8. IAB for the user...• Faster• Simpler• Contextual• “Harmless”• “Inexpensive”
    9. 9. IAB generates more sales
    10. 10. Agenda• In-App Billing Overview• In-App Billing in Android• Android Market Billing Service• Android Billing Library• Administering & Testing In-App Billing• Security Best Practices
    11. 11. Options• Android Market In-App Billing• PayPal Mobile Payments Library• Others• Any web payment processor• Custom implementation
    12. 12. Android Market IAB• Android Market only• 30% of the sale price• Android 1.6 upwards• Only digital goods
    13. 13. PayPal Mobile Payments• Starts at 2.9% of the sale price + transaction fee• Android 1.5 upwards• Physical goods allowed
    14. 14. Others• Paythru• Movend• Open Payments• And a long list of other dubious looking websites
    15. 15. “All fees received by Developers for Productsdistributed via the Market must be processed by the Markets Payment Processor.” http://www.android.com/us/developer-distribution-agreement.html
    16. 16. Agenda• In-App Billing Overview• In-App Billing in Android• Android Market Billing Service• Android Billing Library• Administering In-App Billing• Security Best Practices
    17. 17. Pre-requisites• Services• AIDL• BroadcastReceiver• PendingIntent
    18. 18. Overviewapp Android IAB Marketrequests Server
    19. 19. Messaging sequence
    20. 20. IAB requests• CHECK_BILLING_SUPPORTED• REQUEST_PURCHASE• GET_PURCHASE_INFORMATION• CONFIRM_NOTIFICATIONS• RESTORE_TRANSACTIONS
    21. 21. IAB requests• MarketBillingService interface defined in an Android Interface Definition Language file (IMarketBillingService.aidl)• IAB requests sent by single IPC method (sendBillingRequest()) of the interface• Request type and parameters are sent as a Bundle
    22. 22. Binding to MarketBillingServicetry {  boolean bindResult = mContext.bindService(    new Intent("com.android.vending.billing.MarketBillingService.BIND"), this,    Context.BIND_AUTO_CREATE);  if (bindResult) {    Log.i(TAG, "Service bind successful.");  } else {    Log.e(TAG, "Could not bind to the MarketBillingService.");  }} catch (SecurityException e) {  Log.e(TAG, "Security exception: " + e);}public void onServiceConnected(ComponentName name, IBinder service) {  Log.i(TAG, "MarketBillingService connected.");  mService = IMarketBillingService.Stub.asInterface(service);}
    23. 23. Request bundle parameters• Shared • BILLING_REQUEST: request type • API_VERSION: 1 • PACKAGE_NAME: app package• Specific • ITEM_ID, NONCE, NOTIFY_ID, DEVELOPER_PAYLOAD
    24. 24. Request bundleprotected Bundle makeRequestBundle(String method) {  Bundle request = new Bundle();  request.putString(BILLING_REQUEST, method);  request.putInt(API_VERSION, 1);  request.putString(PACKAGE_NAME, getPackageName());  return request;}
    25. 25. Making a requestBundle request = makeRequestBundle("REQUEST_PURCHASE");request.putString(ITEM_ID, mProductId);Bundle response = mService.sendBillingRequest(request);
    26. 26. IAB responses• The IAB service responds to every request with a synchronous response• Followed by 0..N asynchronous responses depending of the request type
    27. 27. Synchronous responses• RESPONSE_CODE: status information and error information about a request• REQUEST_ID: used to match asynchronous responses with requests• PURCHASE_INTENT: PendingIntent, which you use to launch the checkout activity. REQUEST_PURCHASE only.
    28. 28. Asynchronous responses• Broadcast intents: • RESPONSE_CODE • IN_APP_NOTIFY • PURCHASE_STATE_CHANGED
    29. 29. Receiving async responses public void onReceive(Context context, Intent intent) {    String action = intent.getAction();    if (ACTION_PURCHASE_STATE_CHANGED.equals(action)) {      String signedData = intent.getStringExtra(INAPP_SIGNED_DATA);      String signature = intent.getStringExtra(INAPP_SIGNATURE);      // Do something with the signedData and the signature.    } else if (ACTION_NOTIFY.equals(action)) {      String notifyId = intent.getStringExtra(NOTIFICATION_ID);      // Do something with the notifyId.    } else if (ACTION_RESPONSE_CODE.equals(action)) {      long requestId = intent.getLongExtra(INAPP_REQUEST_ID, -1);      int responseCodeIndex = intent.getIntExtra(INAPP_RESPONSE_CODE,        ResponseCode.RESULT_ERROR.ordinal());      // Do something with the requestId and the responseCodeIndex.    } else {      Log.w(TAG, "unexpected action: " + action);    }  }
    30. 30. Check Billing Supported
    31. 31. Check Billing SupportedParameters BasicSync response keys RESPONSE_CODE RESULT_OK RESULT_BILLING_UNAVAILABLEResponse codes RESULT_ERROR RESULT_DEVELOPER_ERRORAsync response RESPONSE_CODE
    32. 32. Request Purchase
    33. 33. Request Purchase BasicParameters ITEM_ID DEVELOPER_PAYLOAD RESPONSE_CODESync response keys PURCHASE_INTENT REQUEST_ID RESULT_OKResponse codes RESULT_ERROR RESULT_DEVELOPER_ERROR RESPONSE_CODEAsync response IN_APP_NOTIFY
    34. 34. Get Purchase Information BasicParameters NONCE NOTIFY_IDS RESPONSE_CODESync response keys REQUEST_ID RESULT_OKResponse codes RESULT_ERROR RESULT_DEVELOPER_ERROR RESPONSE_CODEAsync response PURCHASE_STATE_CHANGED
    35. 35. Purchase State Changed JSON{ "nonce" : 1836535032137741465, "orders" : { "notificationId" : "android.test.purchased", "orderId" : "transactionId.android.test.purchased", "packageName" : "com.example.dungeons", "productId" : "android.test.purchased", "developerPayload" : "bGoa+V7g/yqDXvKRqq+JTFn4uQZbPiQ", "purchaseTime" : 1290114783411, "purchaseState" : 0 }}
    36. 36. Purchase States• Purchased (0)• Canceled (1)• Refunded (2)
    37. 37. Confirm Notifications BasicParameters NONCE NOTIFY_IDS RESPONSE_CODESync response keys REQUEST_ID RESULT_OKResponse codes RESULT_ERROR RESULT_DEVELOPER_ERRORAsync response RESPONSE_CODE
    38. 38. Unsolicited In-App Notify• Purchase when app is running in various devices• Refunds
    39. 39. Unsolicited In-App Notify
    40. 40. Restore Transactions
    41. 41. Restore Transactions BasicParameters NONCE RESPONSE_CODESync response keys REQUEST_ID RESULT_OKResponse codes RESULT_ERROR RESULT_DEVELOPER_ERROR RESPONSE_CODEAsync response PURCHASE_STATE_CHANGED
    42. 42. Security Controls• Signed purchase data• In-App Notify Nonces
    43. 43. Purchase State Changed Extras• inapp_signed_data: Signed JSON string (unencrypted)• inapp_signature: Use the Android Market public key to validate
    44. 44. Agenda• In-App Billing Overview• In-App Billing in Android• Android Market Billing Service• Android Billing Library• Administering & Testing In-App Billing• Security Best Practices
    45. 45. requestPurchase("com.example.item");
    46. 46. Android Billing Library • https://github.com/robotmedia/ AndroidBillingLibrary • Beta but... • “Better than starting from scratch”
    47. 47. Features• Full Android IAB Service implementation• Auto-confirmations• Obfuscated purchases database• Implements security best-practices• Half-decent unit testing coverage
    48. 48. Overview
    49. 49. AndroidManifest.xml <!-- Add this permission to your manifest --> <uses-permission android:name="com.android.vending.BILLING" /> <application> <!-- Add this service and receiver to your application --> <service android:name="net.robotmedia.billing.BillingService" /> <receiver android:name="net.robotmedia.billing.BillingReceiver"> <intent-filter> <action android:name="com.android.vending.billing.IN_APP_NOTIFY" /> <action android:name="com.android.vending.billing.RESPONSE_CODE" /> <actionandroid:name="com.android.vending.billing.PURCHASE_STATE_CHANGED" /> </intent-filter> </receiver> </application>
    50. 50. Set Configuration public void onCreate() { super.onCreate(); BillingController.setDebug(true); BillingController.setConfiguration(new BillingController.IConfiguration() { @Override public byte[] getObfuscationSalt() { return new byte[] {41, -90, -116, -41, 66, -53, 122, -110, -127, -96, -88, 77, 127 } @Override public String getPublicKey() { return "your public key here"; } }); }
    51. 51. Check Billing Supported @Override public void onCreate(Bundle savedInstanceState) { // ... BillingController.registerObserver(mBillingObserver); BillingController.checkBillingSupported(this); // ... } public void onBillingChecked(boolean supported) { if (!supported) { showDialog(DIALOG_BILLING_NOT_SUPPORTED_ID); } }
    52. 52. Request PurchaseBillingController.requestPurchase(this, productId, true /*confirm*/);@Overridepublic void onPurchaseIntent(String itemId, PendingIntent purchaseIntent) { BillingController.startPurchaseIntent(activity, purchaseIntent, null);}@Overridepublic void onRequestPurchaseResponse(String itemId, ResponseCode response) {}@Overridepublic void onPurchaseStateChanged(String itemId, PurchaseState state) {}
    53. 53. Restore Transactionsif (!mBillingObserver.isTransactionsRestored()) { BillingController.restoreTransactions(this); Toast.makeText(this, R.string.restoring_transactions,Toast.LENGTH_LONG).show();}@Overridepublic void onTransactionsRestored() { final SharedPreferences preferences =PreferenceManager.getDefaultSharedPreferences(activity); final Editor editor = preferences.edit(); editor.putBoolean(KEY_TRANSACTIONS_RESTORED, true); editor.commit();}
    54. 54. Suggestedimplementation
    55. 55. Agenda• In-App Billing Overview• In-App Billing in Android• Android Market Billing Service• Android Billing Library• Administering & Testing In-App Billing• Security Best Practices
    56. 56. Purchase type• Managed per user account • premium, digital content, unique virtual goods• Unmanaged • subscriptions, virtual currency, unlimited virtual goods
    57. 57. Managing In-App Products
    58. 58. Public key
    59. 59. Reserved product ids• android.test.purchased• android.test.canceled• android.test.refunded• android.test.item_unavailable
    60. 60. Test purchase process
    61. 61. Signed test responsesApplication ever Draft uploaded & Userbeen published? unpublished? * * Developer Yes No Test user Yes Yes *
    62. 62. Agenda• In-App Billing Overview• In-App Billing in Android• Android Market Billing Service• Android Billing Library• Administering & Testing In-App Billing• Security Best Practices
    63. 63. Best practices• Random nonces• Obfuscate purchase data• Embedding public key• Code obfuscation• Server-side signature validation
    64. 64. Gracias!

    ×