Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 74916a56 authored by Andrew Solovay's avatar Andrew Solovay
Browse files

docs: Recommend not using email address in payload string 

See first comment for doc stage location.

bug: 26492391
Change-Id: I72c159f1a7b71ff67c0d2c5b634dcc72d9150e6a
parent b3631e96

docs/html/google/play/billing/billing_best_practices.jd

+6 −0
Original line number Diff line number Diff line
@@ -100,6 +100,12 @@ Google Play returns this string together with the purchase details.</p> 
made the purchase, so that you can later verify that this is a legitimate purchase by

that user. For consumable items, you can use a randomly generated string, but for non-

consumable items you should use a string that uniquely identifies the user.</p>



<p class="note">

  <strong>Note:</strong> Do not use the user's

  email address in the payload string, since that address may change.

</p>



<p>When you get back the response from Google Play, make sure to verify that the

developer payload string matches the token that you sent previously with the purchase

request. As a further security precaution, you should perform the verification on your