Who bought my app, only identifier of the user who paid





.everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty,.everyoneloves__bot-mid-leaderboard:empty{ height:90px;width:728px;box-sizing:border-box;
}







0















I'm referring to this question
Who bought my app



only with a little twist: I don't want to know the email address of the user or phone number or anything alike. All I care about is some unique identification of the user who purchased it (="the active android/ios account" that was billed).
Is that possible?



I want the user that bought the app on android to be able to access the app on ios. Also I want to prevent "frauds". Imagine somebody borrows my device with my android credentials and within the app logs into his account and presses "buy". That would enable the user to buy the app and it'd charge me. Also it would allow them to restore MY purchases. That's why I need to get the fingerprints of the user who bought it.










share|improve this question























  • It took me a week to just understand the in-app purchase process. So take your time and do not jump to coding.

    – Kishan Vaishnav
    Dec 4 '18 at 4:57











  • You'll have to build all of that logic onto your own server. App Store and Play Store will only tell you about the device account that made the purchase. It may be worth checking out revenuecat.com if you don't want to build this yourself.

    – enc_life
    Dec 17 '18 at 3:56


















0















I'm referring to this question
Who bought my app



only with a little twist: I don't want to know the email address of the user or phone number or anything alike. All I care about is some unique identification of the user who purchased it (="the active android/ios account" that was billed).
Is that possible?



I want the user that bought the app on android to be able to access the app on ios. Also I want to prevent "frauds". Imagine somebody borrows my device with my android credentials and within the app logs into his account and presses "buy". That would enable the user to buy the app and it'd charge me. Also it would allow them to restore MY purchases. That's why I need to get the fingerprints of the user who bought it.










share|improve this question























  • It took me a week to just understand the in-app purchase process. So take your time and do not jump to coding.

    – Kishan Vaishnav
    Dec 4 '18 at 4:57











  • You'll have to build all of that logic onto your own server. App Store and Play Store will only tell you about the device account that made the purchase. It may be worth checking out revenuecat.com if you don't want to build this yourself.

    – enc_life
    Dec 17 '18 at 3:56














0












0








0








I'm referring to this question
Who bought my app



only with a little twist: I don't want to know the email address of the user or phone number or anything alike. All I care about is some unique identification of the user who purchased it (="the active android/ios account" that was billed).
Is that possible?



I want the user that bought the app on android to be able to access the app on ios. Also I want to prevent "frauds". Imagine somebody borrows my device with my android credentials and within the app logs into his account and presses "buy". That would enable the user to buy the app and it'd charge me. Also it would allow them to restore MY purchases. That's why I need to get the fingerprints of the user who bought it.










share|improve this question














I'm referring to this question
Who bought my app



only with a little twist: I don't want to know the email address of the user or phone number or anything alike. All I care about is some unique identification of the user who purchased it (="the active android/ios account" that was billed).
Is that possible?



I want the user that bought the app on android to be able to access the app on ios. Also I want to prevent "frauds". Imagine somebody borrows my device with my android credentials and within the app logs into his account and presses "buy". That would enable the user to buy the app and it'd charge me. Also it would allow them to restore MY purchases. That's why I need to get the fingerprints of the user who bought it.







android ios in-app-purchase






share|improve this question













share|improve this question











share|improve this question




share|improve this question










asked Nov 23 '18 at 14:16









NovellizatorNovellizator

2,62362950




2,62362950













  • It took me a week to just understand the in-app purchase process. So take your time and do not jump to coding.

    – Kishan Vaishnav
    Dec 4 '18 at 4:57











  • You'll have to build all of that logic onto your own server. App Store and Play Store will only tell you about the device account that made the purchase. It may be worth checking out revenuecat.com if you don't want to build this yourself.

    – enc_life
    Dec 17 '18 at 3:56



















  • It took me a week to just understand the in-app purchase process. So take your time and do not jump to coding.

    – Kishan Vaishnav
    Dec 4 '18 at 4:57











  • You'll have to build all of that logic onto your own server. App Store and Play Store will only tell you about the device account that made the purchase. It may be worth checking out revenuecat.com if you don't want to build this yourself.

    – enc_life
    Dec 17 '18 at 3:56

















It took me a week to just understand the in-app purchase process. So take your time and do not jump to coding.

– Kishan Vaishnav
Dec 4 '18 at 4:57





It took me a week to just understand the in-app purchase process. So take your time and do not jump to coding.

– Kishan Vaishnav
Dec 4 '18 at 4:57













You'll have to build all of that logic onto your own server. App Store and Play Store will only tell you about the device account that made the purchase. It may be worth checking out revenuecat.com if you don't want to build this yourself.

– enc_life
Dec 17 '18 at 3:56





You'll have to build all of that logic onto your own server. App Store and Play Store will only tell you about the device account that made the purchase. It may be worth checking out revenuecat.com if you don't want to build this yourself.

– enc_life
Dec 17 '18 at 3:56












1 Answer
1






active

oldest

votes


















0














I am assuming you already have the account management facility in your app.



So answer to your second question would be to implement the register and login facility which would allow the users to log in with the fingerprint which is the separate problem.



So go ahead and solve this problem first.



The answer to your first question resides in the central server where you register and authenticate the users.



You will need to validate InApp purchase from your server.



The flow steps of how it should be done:




  1. User clicks on the buy button. (It does not matter whether the original user is doing this action or a fraud)

  2. Ask the user for authentication. In this case fingerprint. (The fraud would not be able to pass from this step.)

  3. The app initiates the purchase flow. The user completes the flow.

  4. The app receives the payment successful response from the google. (The app will not allow the access to the item to the user yet. The payment needs to be verified by our server. Google suggests we verify payment from the server and not the app. Refer to Security Best Practices.)

  5. The app sends purchase receipt received from the Google + Unique Id(UserId, Email, Phone no.) to the server.

  6. The server sends purchase receipt (purchaseToken) to Google for verification. The Google verifies it as a successful purchase.

  7. Now that our server knows that the purchase was successful it creates an entry in the database with purchase info (Purchase time, Start time, Expiry time etc.) and user info.
    (This is the answer to your first question)


The flow steps when the user logs in from the iOS or any other device.




  1. The user logs in to the device.

  2. The user tries to use the purchased product.

  3. The app sends the request to the server.

  4. The server checks whether the user has access to the resource.

  5. Returns the response.



Key point is to have a Server which authenticates the user and verifies the purchase.




Follow my THIS answer you will get clear Idea on how to implement this.






share|improve this answer
























    Your Answer






    StackExchange.ifUsing("editor", function () {
    StackExchange.using("externalEditor", function () {
    StackExchange.using("snippets", function () {
    StackExchange.snippets.init();
    });
    });
    }, "code-snippets");

    StackExchange.ready(function() {
    var channelOptions = {
    tags: "".split(" "),
    id: "1"
    };
    initTagRenderer("".split(" "), "".split(" "), channelOptions);

    StackExchange.using("externalEditor", function() {
    // Have to fire editor after snippets, if snippets enabled
    if (StackExchange.settings.snippets.snippetsEnabled) {
    StackExchange.using("snippets", function() {
    createEditor();
    });
    }
    else {
    createEditor();
    }
    });

    function createEditor() {
    StackExchange.prepareEditor({
    heartbeatType: 'answer',
    autoActivateHeartbeat: false,
    convertImagesToLinks: true,
    noModals: true,
    showLowRepImageUploadWarning: true,
    reputationToPostImages: 10,
    bindNavPrevention: true,
    postfix: "",
    imageUploader: {
    brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
    contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
    allowUrls: true
    },
    onDemand: true,
    discardSelector: ".discard-answer"
    ,immediatelyShowMarkdownHelp:true
    });


    }
    });














    draft saved

    draft discarded


















    StackExchange.ready(
    function () {
    StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53448328%2fwho-bought-my-app-only-identifier-of-the-user-who-paid%23new-answer', 'question_page');
    }
    );

    Post as a guest















    Required, but never shown

























    1 Answer
    1






    active

    oldest

    votes








    1 Answer
    1






    active

    oldest

    votes









    active

    oldest

    votes






    active

    oldest

    votes









    0














    I am assuming you already have the account management facility in your app.



    So answer to your second question would be to implement the register and login facility which would allow the users to log in with the fingerprint which is the separate problem.



    So go ahead and solve this problem first.



    The answer to your first question resides in the central server where you register and authenticate the users.



    You will need to validate InApp purchase from your server.



    The flow steps of how it should be done:




    1. User clicks on the buy button. (It does not matter whether the original user is doing this action or a fraud)

    2. Ask the user for authentication. In this case fingerprint. (The fraud would not be able to pass from this step.)

    3. The app initiates the purchase flow. The user completes the flow.

    4. The app receives the payment successful response from the google. (The app will not allow the access to the item to the user yet. The payment needs to be verified by our server. Google suggests we verify payment from the server and not the app. Refer to Security Best Practices.)

    5. The app sends purchase receipt received from the Google + Unique Id(UserId, Email, Phone no.) to the server.

    6. The server sends purchase receipt (purchaseToken) to Google for verification. The Google verifies it as a successful purchase.

    7. Now that our server knows that the purchase was successful it creates an entry in the database with purchase info (Purchase time, Start time, Expiry time etc.) and user info.
      (This is the answer to your first question)


    The flow steps when the user logs in from the iOS or any other device.




    1. The user logs in to the device.

    2. The user tries to use the purchased product.

    3. The app sends the request to the server.

    4. The server checks whether the user has access to the resource.

    5. Returns the response.



    Key point is to have a Server which authenticates the user and verifies the purchase.




    Follow my THIS answer you will get clear Idea on how to implement this.






    share|improve this answer




























      0














      I am assuming you already have the account management facility in your app.



      So answer to your second question would be to implement the register and login facility which would allow the users to log in with the fingerprint which is the separate problem.



      So go ahead and solve this problem first.



      The answer to your first question resides in the central server where you register and authenticate the users.



      You will need to validate InApp purchase from your server.



      The flow steps of how it should be done:




      1. User clicks on the buy button. (It does not matter whether the original user is doing this action or a fraud)

      2. Ask the user for authentication. In this case fingerprint. (The fraud would not be able to pass from this step.)

      3. The app initiates the purchase flow. The user completes the flow.

      4. The app receives the payment successful response from the google. (The app will not allow the access to the item to the user yet. The payment needs to be verified by our server. Google suggests we verify payment from the server and not the app. Refer to Security Best Practices.)

      5. The app sends purchase receipt received from the Google + Unique Id(UserId, Email, Phone no.) to the server.

      6. The server sends purchase receipt (purchaseToken) to Google for verification. The Google verifies it as a successful purchase.

      7. Now that our server knows that the purchase was successful it creates an entry in the database with purchase info (Purchase time, Start time, Expiry time etc.) and user info.
        (This is the answer to your first question)


      The flow steps when the user logs in from the iOS or any other device.




      1. The user logs in to the device.

      2. The user tries to use the purchased product.

      3. The app sends the request to the server.

      4. The server checks whether the user has access to the resource.

      5. Returns the response.



      Key point is to have a Server which authenticates the user and verifies the purchase.




      Follow my THIS answer you will get clear Idea on how to implement this.






      share|improve this answer


























        0












        0








        0







        I am assuming you already have the account management facility in your app.



        So answer to your second question would be to implement the register and login facility which would allow the users to log in with the fingerprint which is the separate problem.



        So go ahead and solve this problem first.



        The answer to your first question resides in the central server where you register and authenticate the users.



        You will need to validate InApp purchase from your server.



        The flow steps of how it should be done:




        1. User clicks on the buy button. (It does not matter whether the original user is doing this action or a fraud)

        2. Ask the user for authentication. In this case fingerprint. (The fraud would not be able to pass from this step.)

        3. The app initiates the purchase flow. The user completes the flow.

        4. The app receives the payment successful response from the google. (The app will not allow the access to the item to the user yet. The payment needs to be verified by our server. Google suggests we verify payment from the server and not the app. Refer to Security Best Practices.)

        5. The app sends purchase receipt received from the Google + Unique Id(UserId, Email, Phone no.) to the server.

        6. The server sends purchase receipt (purchaseToken) to Google for verification. The Google verifies it as a successful purchase.

        7. Now that our server knows that the purchase was successful it creates an entry in the database with purchase info (Purchase time, Start time, Expiry time etc.) and user info.
          (This is the answer to your first question)


        The flow steps when the user logs in from the iOS or any other device.




        1. The user logs in to the device.

        2. The user tries to use the purchased product.

        3. The app sends the request to the server.

        4. The server checks whether the user has access to the resource.

        5. Returns the response.



        Key point is to have a Server which authenticates the user and verifies the purchase.




        Follow my THIS answer you will get clear Idea on how to implement this.






        share|improve this answer













        I am assuming you already have the account management facility in your app.



        So answer to your second question would be to implement the register and login facility which would allow the users to log in with the fingerprint which is the separate problem.



        So go ahead and solve this problem first.



        The answer to your first question resides in the central server where you register and authenticate the users.



        You will need to validate InApp purchase from your server.



        The flow steps of how it should be done:




        1. User clicks on the buy button. (It does not matter whether the original user is doing this action or a fraud)

        2. Ask the user for authentication. In this case fingerprint. (The fraud would not be able to pass from this step.)

        3. The app initiates the purchase flow. The user completes the flow.

        4. The app receives the payment successful response from the google. (The app will not allow the access to the item to the user yet. The payment needs to be verified by our server. Google suggests we verify payment from the server and not the app. Refer to Security Best Practices.)

        5. The app sends purchase receipt received from the Google + Unique Id(UserId, Email, Phone no.) to the server.

        6. The server sends purchase receipt (purchaseToken) to Google for verification. The Google verifies it as a successful purchase.

        7. Now that our server knows that the purchase was successful it creates an entry in the database with purchase info (Purchase time, Start time, Expiry time etc.) and user info.
          (This is the answer to your first question)


        The flow steps when the user logs in from the iOS or any other device.




        1. The user logs in to the device.

        2. The user tries to use the purchased product.

        3. The app sends the request to the server.

        4. The server checks whether the user has access to the resource.

        5. Returns the response.



        Key point is to have a Server which authenticates the user and verifies the purchase.




        Follow my THIS answer you will get clear Idea on how to implement this.







        share|improve this answer












        share|improve this answer



        share|improve this answer










        answered Dec 4 '18 at 4:54









        Kishan VaishnavKishan Vaishnav

        9311




        9311
































            draft saved

            draft discarded




















































            Thanks for contributing an answer to Stack Overflow!


            • Please be sure to answer the question. Provide details and share your research!

            But avoid



            • Asking for help, clarification, or responding to other answers.

            • Making statements based on opinion; back them up with references or personal experience.


            To learn more, see our tips on writing great answers.




            draft saved


            draft discarded














            StackExchange.ready(
            function () {
            StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53448328%2fwho-bought-my-app-only-identifier-of-the-user-who-paid%23new-answer', 'question_page');
            }
            );

            Post as a guest















            Required, but never shown





















































            Required, but never shown














            Required, but never shown












            Required, but never shown







            Required, but never shown

































            Required, but never shown














            Required, but never shown












            Required, but never shown







            Required, but never shown







            Popular posts from this blog

            "Incorrect syntax near the keyword 'ON'. (on update cascade, on delete cascade,)

            Alcedinidae

            RAC Tourist Trophy