Loading docs/html/google/play/billing/billing_integrate.jd +29 −0 Original line number Diff line number Diff line Loading @@ -19,6 +19,7 @@ parent.link=index.html <li><a href="#Subs">Implementing Subscriptions</a><li> </ol> </li> <li><a href="#billing-security">Securing Your App</a> </ol> <h2>Reference</h2> <ol> Loading Loading 
@@ -361,6 +362,34 @@ Bundle activeSubs = mService.getPurchases(3, "com.example.myapp", the user. Once a subscription expires without renewal, it will no longer appear in the returned {@code Bundle}.</p> <h2 id="billing-security">Securing Your Application</h2> <p>To help ensure the integrity of the transaction information that is sent to your application, Google Play signs the JSON string that contains the response data for a purchase order. Google Play uses the private key that is associated with your application in the Developer Console to create this signature. The Developer Console generates an RSA key pair for each application.<p> <p class="note"><strong>Note:</strong>To find the public key portion of this key pair, open your application's details in the Developer Console, then click on <strong>Services & APIs</strong>, and look at the field titled <strong>Your License Key for This Application</strong>.</p> <p>The Base64-encoded RSA public key generated by Google Play is in binary encoded, X.509 subjectPublicKeyInfo DER SEQUENCE format. It is the same public key that is used with Google Play licensing.</p> <p>When your application receives this signed response you can use the public key portion of your RSA key pair to verify the signature. By performing signature verification you can detect responses that have been tampered with or that have been spoofed. You can perform this signature verification step in your application; however, if your application connects to a secure remote server then we recommend that you perform the signature verification on that server.</p> <p>For more information about best practices for security and design, see <a href="{@docRoot}google/play/billing/billing_best_practices.html">Security and Design</a>.</p> Loading docs/html/google/play/billing/billing_reference.jd +3 −1 Original line number Diff line number Diff line Loading 
@@ -143,7 +143,9 @@ does not include tax.</td> </tr> <tr> <td>{@code INAPP_DATA_SIGNATURE}</td> <td>String containing the signature of the purchase data that was signed with the private key of the developer.</td> <td>String containing the signature of the purchase data that was signed with the private key of the developer. The data signature uses the RSASSA-PKCS1-v1_5 scheme.</td> </tr> </table> </p> Loading docs/html/google/play/licensing/adding-licensing.jd +16 −24 Original line number Diff line number Diff line Loading 
@@ -853,37 +853,39 @@ sample application calls <code>checkAccess()</code> from a <h3 id="account-key">Embed your public key for licensing</h3> <p>For each publisher account, the Google Play service automatically generates a 2048-bit RSA public/private key pair that is used exclusively for licensing. The key pair is uniquely associated with the publisher account and is shared across all applications that are published through the account. Although associated with a publisher account, the key pair is <em>not</em> the same as the key that you use to sign your applications (or derived from it).</p> <p>For each application, the Google Play service automatically generates a 2048-bit RSA public/private key pair that is used for licensing and in-app billing. The key pair is uniquely associated with the application. Although associated with the application, the key pair is <em>not</em> the same as the key that you use to sign your applications (or derived from it).</p> <p>The Google Play Developer Console exposes the public key for licensing to any developer signed in to the publisher account, but it keeps the private key developer signed in to the Developer Console, but it keeps the private key hidden from all users in a secure location. When an application requests a license check for an application published in your account, the licensing server signs the license response using the private key of your account's key pair. signs the license response using the private key of your application's key pair. When the LVL receives the response, it uses the public key provided by the application to verify the signature of the license response. </p> <p>To add licensing to an application, you must obtain your publisher account's <p>To add licensing to an application, you must obtain your application's public key for licensing and copy it into your application. 
Here's how to find your account's public key for licensing:</p> your application's public key for licensing:</p> <ol> <li>Go to the Google Play <a href="http://play.google.com/apps/publish">Developer Console</a> and sign in. Make sure that you sign in to the account from which the application you are licensing is published (or will be published). </li> <li>In the account home page, locate the "Edit profile" link and click it. </li> <li>In the Edit Profile page, locate the "Licensing" pane, shown below. Your public key for licensing is given in the "Public key" text box. </li> <li>In the application details page, locate the <strong>Services & APIs</strong> link and click it. </li> <li>In the <strong>Services & APIs</strong> page, locate the <strong>Licensing & In-App Billing</strong> section. Your public key for licensing is given in the <strong>Your License Key For This Application</strong> field. </li> </ol> <p>To add the public key to your application, simply copy/paste the key string from the text box into your application as the value of the String variable from the field into your application as the value of the String variable <code>BASE64_PUBLIC_KEY</code>. When you are copying, make sure that you have selected the entire key string, without omitting any characters. </p> Loading Loading @@ -965,16 +967,6 @@ application that they have legitimately purchased on another device.</li> </ul> </div> <h2 id="app-obfuscation">Obfuscating Your Code</h2> <p>To ensure the security of your application, particularly for a paid Loading docs/html/google/play/licensing/index.jd +1 −1 Original line number Diff line number Diff line Loading 
@@ -16,7 +16,7 @@ restrict use of the application to a specific device, in addition to any other c <p>The licensing service is a secure means of controlling access to your applications. When an application checks the licensing status, the Google Play server signs the licensing status response using a key pair that is uniquely associated with the publisher account. Your application response using a key pair that is uniquely associated with the application. Your application stores the public key in its compiled <code>.apk</code> file and uses it to verify the licensing status response.</p> Loading docs/html/google/play/licensing/licensing-reference.jd +1 −1 Original line number Diff line number Diff line Loading @@ -186,7 +186,7 @@ licensing server, possibly because of network availability problems. </td> </tr> <tr> <td>{@code ERROR_SERVER_FAILURE}</td> <td>Server error — the server could not load the publisher account's key <td>Server error — the server could not load the application's key pair for licensing.</td> <td>No</td> <td></td> Loading Loading
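Review bot: In the table-of-contents hunk of billing_integrate.jd (@@ -19,6 +19,7 @@), the added item <li><a href="#billing-security">Securing Your App</a> has no closing </li>, and its link text does not match the heading it points to, "Securing Your Application". Close the list item and use the same title in both places so the sidebar entry and the section heading agree.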
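Review bot: In the new "Securing Your Application" section of billing_integrate.jd (@@ -361,6 +362,34 @@), the first paragraph ends with an opening <p> where </p> is needed, right after "The Developer Console generates an RSA key pair for each application.", so the paragraph is left unclosed ahead of the note block. In the same hunk, add a space after <strong>Note:</strong>, and reword "in binary encoded, X.509 subjectPublicKeyInfo DER SEQUENCE format" to say plainly that the Base64 string decodes to a DER-encoded X.509 SubjectPublicKeyInfo structure. The field is written "Your License Key for This Application" here and "Your License Key For This Application" in adding-licensing.jd; use one spelling in both files.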
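Review bot: In the INAPP_DATA_SIGNATURE row of billing_reference.jd (@@ -143,7 +143,9 @@), the added sentence names the RSASSA-PKCS1-v1_5 scheme but not the digest algorithm, so a developer who follows the recommendation to verify on a server still cannot pick the signature algorithm from this table alone; state the hash next to the scheme. The retained wording "signed with the private key of the developer" also conflicts with the rest of this change, which describes the key pair as generated for each application; "the private key associated with the application" would match billing_integrate.jd.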
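Review bot: In the rewritten step list of adding-licensing.jd (@@ -853,37 +853,39 @@), step 2 begins "In the application details page" but no step tells the reader to open the application from the Developer Console after signing in; the old flow went through the account home page, so a step that selects the application is now missing. In the paragraph above the list, "any developer signed in to the Developer Console" reads as if the key were visible to every Console user; scope it to developers who have access to the application. The unchanged phrase "for an application published in your account" and the heading id "account-key" still reflect the per-account model; keeping the id for existing links is reasonable, but the sentence should be brought in line with the per-application wording.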