In-app purchasing is a common and important way for monetizing apps. This course introduces you to integrating Google Play In-app Billing into Android apps in a comprehensive way. You can get the introduction of the whole image of In-app Billing, learn how the purchase flow works, purchase and consume in-app products, and test In-app Billing in a sandbox. The possible security issues are discussed and suggestions are given on how to deal with the problems. Finally, you will get inspiration on how to increase sales with In-app Billing.
Yan Zhang is a software developer and founder of the mobile app company - Flame Soft AB. She has worked for more than ten years in software development with experience in C++, .NET, Java, and Objective-C.
Purchasing and Testing In-app Products In this section, we will implement In-app Billing in our code and test it. Our code will be based on the sample application, Trivial Drive, offered by Google. The sample includes convenient classes to quickly set up the In-app Billing service. It is a good start point for us to understand how to begin to program for In-app Billing. We will use the utility classes from the sample application in our demo project. Later, when you develop your own In-app Billing enabled applications, you can make more improvement on it. Let's have a look at how the purchase flow works. The legacy In-app Billing version 2 is asynchronous and uses service messages sent as broadcast intents. It's much more complicated than version 3. A big improvement in version 3 is that the API calls have been changed to simple synchronous calls. Your activity sends a purchase request to Google Play. Then Google Play will respond right away after it accepts the purchase. It's simple to understand and implement. In fact, your application never directly communicates with the Google Play server. Instead, it sends billing requests to the Google Play app over interprocess communication and receives responses from the Google Play app. After the purchase is done, the Google Play app saves the purchases in its client-side cache. So it makes it very easy and effective to query what items a user owns and to restore purchase.
Securing Your In-app Billing In this section, I'm going to review the possible risks for In-app Billing implementation and make suggestions on how to improve security in practice. I'm not a security expert, so I can only try to discuss about the risks that Google has written in their document to remind the developers to do. Sometimes I doubt that if an operating system needs all of the developers to add their own home-brewed security solutions to protect their apps, can we call this system a complete system? Anyway, there is no use to complain. What we can do is to learn more about security and help ourselves. It's especially advised not to use any code examples you might find online, especially those in the documentation because there are always some bad guys in the darkness who will probably have scripts ready to break it, so it's not safe to use directly the utility classes from the Trivial Drive sample. What you can do is to get inspiration from the sample and make your own version of In-app Billing implementation. You need to spend some efforts to apply various layers of security to your app. These add extra time for development, so remember to add some extra days or weeks for the security implementation in your app when you plan an app project.