• Hello [name]! Thanks for joining the GMC. Before making any posts in the Tech Support forum, can we suggest you read the forum rules? These are simple guidelines that we ask you to follow so that you can get the best help possible for your issue.

Android Purchase Verification on Android- Still need to put out "Signature" in iap_purchase_details

M

MartianArctic

Guest
See this bug report- we still need "signature" to be shared with us in the iap_purchase_details ds_map

I believe using the "payload" doesn't do anything- that is something our server can manipulate, but not anything coming back from Google which is what every receipt verification scheme wants.

Thank you. GMS2 is great so far.

https://bugs.yoyogames.com/view.php?id=17696
 

Mert

Member
Someone in here modified the IAP file to retrieve "currency" value, I believe same can be done for signature.
Payload is for verification, more like for in client. Pretty much useless due to fact that it can easily be cracked. (You send a string to store and store sends it back once the transaction is completed. Then you can internally check whether the returning payload is the same as the one you sent at the beginning)

I was using GameAnalytics and had this issue, gave up on IAP verification and rather accepted all the purchases, whether they're legit or not. Now, I'm using Google Firebase and a good side of it is that it automatically tracks IAP transactions (data is transferred internally Google Play <> Firebase), means that you do not have to send data to your server. This is, of course, not the solution but does the trick.
 
M

MartianArctic

Guest
Someone in here modified the IAP file to retrieve "currency" value, I believe same can be done for signature.
oooh- thanks, Ill investigate.
 
Top