Who bought my app, only identifier of the user who paid
.everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty,.everyoneloves__bot-mid-leaderboard:empty{ height:90px;width:728px;box-sizing:border-box;
}
I'm referring to this question
Who bought my app
only with a little twist: I don't want to know the email address of the user or phone number or anything alike. All I care about is some unique identification of the user who purchased it (="the active android/ios account" that was billed).
Is that possible?
I want the user that bought the app on android to be able to access the app on ios. Also I want to prevent "frauds". Imagine somebody borrows my device with my android credentials and within the app logs into his account and presses "buy". That would enable the user to buy the app and it'd charge me. Also it would allow them to restore MY purchases. That's why I need to get the fingerprints of the user who bought it.
android ios in-app-purchase
add a comment |
I'm referring to this question
Who bought my app
only with a little twist: I don't want to know the email address of the user or phone number or anything alike. All I care about is some unique identification of the user who purchased it (="the active android/ios account" that was billed).
Is that possible?
I want the user that bought the app on android to be able to access the app on ios. Also I want to prevent "frauds". Imagine somebody borrows my device with my android credentials and within the app logs into his account and presses "buy". That would enable the user to buy the app and it'd charge me. Also it would allow them to restore MY purchases. That's why I need to get the fingerprints of the user who bought it.
android ios in-app-purchase
It took me a week to just understand the in-app purchase process. So take your time and do not jump to coding.
– Kishan Vaishnav
Dec 4 '18 at 4:57
You'll have to build all of that logic onto your own server. App Store and Play Store will only tell you about the device account that made the purchase. It may be worth checking out revenuecat.com if you don't want to build this yourself.
– enc_life
Dec 17 '18 at 3:56
add a comment |
I'm referring to this question
Who bought my app
only with a little twist: I don't want to know the email address of the user or phone number or anything alike. All I care about is some unique identification of the user who purchased it (="the active android/ios account" that was billed).
Is that possible?
I want the user that bought the app on android to be able to access the app on ios. Also I want to prevent "frauds". Imagine somebody borrows my device with my android credentials and within the app logs into his account and presses "buy". That would enable the user to buy the app and it'd charge me. Also it would allow them to restore MY purchases. That's why I need to get the fingerprints of the user who bought it.
android ios in-app-purchase
I'm referring to this question
Who bought my app
only with a little twist: I don't want to know the email address of the user or phone number or anything alike. All I care about is some unique identification of the user who purchased it (="the active android/ios account" that was billed).
Is that possible?
I want the user that bought the app on android to be able to access the app on ios. Also I want to prevent "frauds". Imagine somebody borrows my device with my android credentials and within the app logs into his account and presses "buy". That would enable the user to buy the app and it'd charge me. Also it would allow them to restore MY purchases. That's why I need to get the fingerprints of the user who bought it.
android ios in-app-purchase
android ios in-app-purchase
asked Nov 23 '18 at 14:16
NovellizatorNovellizator
2,62362950
2,62362950
It took me a week to just understand the in-app purchase process. So take your time and do not jump to coding.
– Kishan Vaishnav
Dec 4 '18 at 4:57
You'll have to build all of that logic onto your own server. App Store and Play Store will only tell you about the device account that made the purchase. It may be worth checking out revenuecat.com if you don't want to build this yourself.
– enc_life
Dec 17 '18 at 3:56
add a comment |
It took me a week to just understand the in-app purchase process. So take your time and do not jump to coding.
– Kishan Vaishnav
Dec 4 '18 at 4:57
You'll have to build all of that logic onto your own server. App Store and Play Store will only tell you about the device account that made the purchase. It may be worth checking out revenuecat.com if you don't want to build this yourself.
– enc_life
Dec 17 '18 at 3:56
It took me a week to just understand the in-app purchase process. So take your time and do not jump to coding.
– Kishan Vaishnav
Dec 4 '18 at 4:57
It took me a week to just understand the in-app purchase process. So take your time and do not jump to coding.
– Kishan Vaishnav
Dec 4 '18 at 4:57
You'll have to build all of that logic onto your own server. App Store and Play Store will only tell you about the device account that made the purchase. It may be worth checking out revenuecat.com if you don't want to build this yourself.
– enc_life
Dec 17 '18 at 3:56
You'll have to build all of that logic onto your own server. App Store and Play Store will only tell you about the device account that made the purchase. It may be worth checking out revenuecat.com if you don't want to build this yourself.
– enc_life
Dec 17 '18 at 3:56
add a comment |
1 Answer
1
active
oldest
votes
I am assuming you already have the account management facility in your app.
So answer to your second question would be to implement the register and login facility which would allow the users to log in with the fingerprint which is the separate problem.
So go ahead and solve this problem first.
The answer to your first question resides in the central server where you register and authenticate the users.
You will need to validate InApp purchase from your server.
The flow steps of how it should be done:
- User clicks on the buy button. (It does not matter whether the original user is doing this action or a fraud)
- Ask the user for authentication. In this case fingerprint. (The fraud would not be able to pass from this step.)
- The app initiates the purchase flow. The user completes the flow.
- The app receives the payment successful response from the google. (The app will not allow the access to the item to the user yet. The payment needs to be verified by our server. Google suggests we verify payment from the server and not the app. Refer to Security Best Practices.)
- The app sends purchase receipt received from the Google + Unique Id(UserId, Email, Phone no.) to the server.
- The server sends purchase receipt (purchaseToken) to Google for verification. The Google verifies it as a successful purchase.
- Now that our server knows that the purchase was successful it creates an entry in the database with purchase info (Purchase time, Start time, Expiry time etc.) and user info.
(This is the answer to your first question)
The flow steps when the user logs in from the iOS or any other device.
- The user logs in to the device.
- The user tries to use the purchased product.
- The app sends the request to the server.
- The server checks whether the user has access to the resource.
- Returns the response.
Key point is to have a Server which authenticates the user and verifies the purchase.
Follow my THIS answer you will get clear Idea on how to implement this.
add a comment |
Your Answer
StackExchange.ifUsing("editor", function () {
StackExchange.using("externalEditor", function () {
StackExchange.using("snippets", function () {
StackExchange.snippets.init();
});
});
}, "code-snippets");
StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "1"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});
function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});
}
});
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53448328%2fwho-bought-my-app-only-identifier-of-the-user-who-paid%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
1 Answer
1
active
oldest
votes
1 Answer
1
active
oldest
votes
active
oldest
votes
active
oldest
votes
I am assuming you already have the account management facility in your app.
So answer to your second question would be to implement the register and login facility which would allow the users to log in with the fingerprint which is the separate problem.
So go ahead and solve this problem first.
The answer to your first question resides in the central server where you register and authenticate the users.
You will need to validate InApp purchase from your server.
The flow steps of how it should be done:
- User clicks on the buy button. (It does not matter whether the original user is doing this action or a fraud)
- Ask the user for authentication. In this case fingerprint. (The fraud would not be able to pass from this step.)
- The app initiates the purchase flow. The user completes the flow.
- The app receives the payment successful response from the google. (The app will not allow the access to the item to the user yet. The payment needs to be verified by our server. Google suggests we verify payment from the server and not the app. Refer to Security Best Practices.)
- The app sends purchase receipt received from the Google + Unique Id(UserId, Email, Phone no.) to the server.
- The server sends purchase receipt (purchaseToken) to Google for verification. The Google verifies it as a successful purchase.
- Now that our server knows that the purchase was successful it creates an entry in the database with purchase info (Purchase time, Start time, Expiry time etc.) and user info.
(This is the answer to your first question)
The flow steps when the user logs in from the iOS or any other device.
- The user logs in to the device.
- The user tries to use the purchased product.
- The app sends the request to the server.
- The server checks whether the user has access to the resource.
- Returns the response.
Key point is to have a Server which authenticates the user and verifies the purchase.
Follow my THIS answer you will get clear Idea on how to implement this.
add a comment |
I am assuming you already have the account management facility in your app.
So answer to your second question would be to implement the register and login facility which would allow the users to log in with the fingerprint which is the separate problem.
So go ahead and solve this problem first.
The answer to your first question resides in the central server where you register and authenticate the users.
You will need to validate InApp purchase from your server.
The flow steps of how it should be done:
- User clicks on the buy button. (It does not matter whether the original user is doing this action or a fraud)
- Ask the user for authentication. In this case fingerprint. (The fraud would not be able to pass from this step.)
- The app initiates the purchase flow. The user completes the flow.
- The app receives the payment successful response from the google. (The app will not allow the access to the item to the user yet. The payment needs to be verified by our server. Google suggests we verify payment from the server and not the app. Refer to Security Best Practices.)
- The app sends purchase receipt received from the Google + Unique Id(UserId, Email, Phone no.) to the server.
- The server sends purchase receipt (purchaseToken) to Google for verification. The Google verifies it as a successful purchase.
- Now that our server knows that the purchase was successful it creates an entry in the database with purchase info (Purchase time, Start time, Expiry time etc.) and user info.
(This is the answer to your first question)
The flow steps when the user logs in from the iOS or any other device.
- The user logs in to the device.
- The user tries to use the purchased product.
- The app sends the request to the server.
- The server checks whether the user has access to the resource.
- Returns the response.
Key point is to have a Server which authenticates the user and verifies the purchase.
Follow my THIS answer you will get clear Idea on how to implement this.
add a comment |
I am assuming you already have the account management facility in your app.
So answer to your second question would be to implement the register and login facility which would allow the users to log in with the fingerprint which is the separate problem.
So go ahead and solve this problem first.
The answer to your first question resides in the central server where you register and authenticate the users.
You will need to validate InApp purchase from your server.
The flow steps of how it should be done:
- User clicks on the buy button. (It does not matter whether the original user is doing this action or a fraud)
- Ask the user for authentication. In this case fingerprint. (The fraud would not be able to pass from this step.)
- The app initiates the purchase flow. The user completes the flow.
- The app receives the payment successful response from the google. (The app will not allow the access to the item to the user yet. The payment needs to be verified by our server. Google suggests we verify payment from the server and not the app. Refer to Security Best Practices.)
- The app sends purchase receipt received from the Google + Unique Id(UserId, Email, Phone no.) to the server.
- The server sends purchase receipt (purchaseToken) to Google for verification. The Google verifies it as a successful purchase.
- Now that our server knows that the purchase was successful it creates an entry in the database with purchase info (Purchase time, Start time, Expiry time etc.) and user info.
(This is the answer to your first question)
The flow steps when the user logs in from the iOS or any other device.
- The user logs in to the device.
- The user tries to use the purchased product.
- The app sends the request to the server.
- The server checks whether the user has access to the resource.
- Returns the response.
Key point is to have a Server which authenticates the user and verifies the purchase.
Follow my THIS answer you will get clear Idea on how to implement this.
I am assuming you already have the account management facility in your app.
So answer to your second question would be to implement the register and login facility which would allow the users to log in with the fingerprint which is the separate problem.
So go ahead and solve this problem first.
The answer to your first question resides in the central server where you register and authenticate the users.
You will need to validate InApp purchase from your server.
The flow steps of how it should be done:
- User clicks on the buy button. (It does not matter whether the original user is doing this action or a fraud)
- Ask the user for authentication. In this case fingerprint. (The fraud would not be able to pass from this step.)
- The app initiates the purchase flow. The user completes the flow.
- The app receives the payment successful response from the google. (The app will not allow the access to the item to the user yet. The payment needs to be verified by our server. Google suggests we verify payment from the server and not the app. Refer to Security Best Practices.)
- The app sends purchase receipt received from the Google + Unique Id(UserId, Email, Phone no.) to the server.
- The server sends purchase receipt (purchaseToken) to Google for verification. The Google verifies it as a successful purchase.
- Now that our server knows that the purchase was successful it creates an entry in the database with purchase info (Purchase time, Start time, Expiry time etc.) and user info.
(This is the answer to your first question)
The flow steps when the user logs in from the iOS or any other device.
- The user logs in to the device.
- The user tries to use the purchased product.
- The app sends the request to the server.
- The server checks whether the user has access to the resource.
- Returns the response.
Key point is to have a Server which authenticates the user and verifies the purchase.
Follow my THIS answer you will get clear Idea on how to implement this.
answered Dec 4 '18 at 4:54
Kishan VaishnavKishan Vaishnav
9311
9311
add a comment |
add a comment |
Thanks for contributing an answer to Stack Overflow!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53448328%2fwho-bought-my-app-only-identifier-of-the-user-who-paid%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
It took me a week to just understand the in-app purchase process. So take your time and do not jump to coding.
– Kishan Vaishnav
Dec 4 '18 at 4:57
You'll have to build all of that logic onto your own server. App Store and Play Store will only tell you about the device account that made the purchase. It may be worth checking out revenuecat.com if you don't want to build this yourself.
– enc_life
Dec 17 '18 at 3:56