What Should Be The Developer Payload In Android In-app Billing V3 Api?

I am implementing in-app billing in my app to unlock premium features. The in-app billing sets up correctly. Everything seems fine except the 'developer payload' thing. The sample

Solution 1:

For me a random string isn't useful as firstly, it needs to be dependent on the user who bought it, not the device it was bought on. Secondly, it's a non-consumable item, so an empty string may suit, but isn't ideal.

So my way around it is to create an encrypted hash based on a key. Each time a purchase is made, it's uniquely identifiable since the hash should never be the same (this depends on the hashing method, such as bcrypt).

Since the key is the same on all the devices, it's easy to decrypt and verify that the secret message is correct.

In order for the key to remain a secret, I've used various string manipulation functions to mask it so it's not stored in a visible manner.

An example of the text maniluation can be found here: Android In App Billing: securing application public key

String Base64EncodedPublicKey key = DecrementEachletter("Bl4kgle") + GetMiddleBit() + ReverseString("D349824");

This method of creating a hash based on a key allows the payload to be unique and identifiable, at the same time as being reasonably secure. It's not bulletproof, but it sure makes it hard to crack.

Solution 2:

Please check below answer, it may solved your problem:

if you are using consumable item(managed item) then you can use random generated string

step 1: before on create method declare this:

privatestaticfinalchar[] symbols = newchar[36];

                static {
                    for (int idx = 0; idx < 10; ++idx)
                        symbols[idx] = (char) ('0' + idx);
                    for (int idx = 10; idx < 36; ++idx)
                        symbols[idx] = (char) ('a' + idx - 10);
                }

step 2: set RandomString and SessionIdentifierGenerator class in your activity

publicclassRandomString {

        /*
         * static { for (int idx = 0; idx < 10; ++idx) symbols[idx] = (char)
         * ('0' + idx); for (int idx = 10; idx < 36; ++idx) symbols[idx] =
         * (char) ('a' + idx - 10); }
         */privatefinalRandomrandom=newRandom();

        privatefinalchar[] buf;

        publicRandomString(int length) {
            if (length < 1)
                thrownewIllegalArgumentException("length < 1: " + length);
            buf = newchar[length];
        }

        public String nextString() {
            for (intidx=0; idx < buf.length; ++idx)
                buf[idx] = symbols[random.nextInt(symbols.length)];
            returnnewString(buf);
        }

    }

    publicfinalclassSessionIdentifierGenerator {

        privateSecureRandomrandom=newSecureRandom();

        public String nextSessionId() {
            returnnewBigInteger(130, random).toString(32);
        }

    }

step 3: pass payload into your puchase request:

RandomStringrandomString=newRandomString(36);
            System.out.println("RandomString>>>>" + randomString.nextString());
            /* String payload = ""; */// bGoa+V7g/yqDXvKRqq+JTFn4uQZbPiQJo4pf9RzJStringpayload= randomString.nextString();
            Log.e("Random generated Payload", ">>>>>" + payload);

        Log.d(TAG, "Launching purchase flow for infinite gas subscription.");
            mHelper.launchPurchaseFlow(this, SKU_GAS,
                    IabHelper.ITEM_TYPE_INAPP, RC_REQUEST,
                    mPurchaseFinishedListener, payload);

for more inforamation check this link: Token that identify the user

Hope it will solve your problem.