YES, I've read all the docs @ developer.android.com and I do understand it all with one basic exception - what it was introduced for.
Since all order responses from Goo
Imagine your user purchases an item for, let's say, $100. Your app is notified that there is payment data available, the app requests the data, and the AppStore answers with a PURCHASE_STATE_CHANGED. The user records the message (!) from the AppStore and keeps it safe.
Later, the user fakes a notification to your app, telling it that payment data is available (anyone can fake that, as this notification is not signed). The app thinks "oh, hey, maybe I just crashed and lost all information about a purchase that my user just made!? Let's see what the AppStore has to say". So it requests data from the app store. The user intercepts that request and sends the previously recorded message to your app. The app sees the message, verifies it and finds that it is valid (because it's signed and all). So the app will give the user another valuable $100 item. And another. As often as the user replays the recorded message. Hence the name: a replay attack.
There is, however, one thing that prevents such an attack: the nonce. If your app sends a nonce in its request for payment data, it expects to receive that same nonce in the PURCHASE_STATE_CHANGED reply. As a nonce is only used once, you can't replay previously recorded messages, because they won't match the nonce that was used in the request.
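The exchange described in the answer above, as an added example that is not part of the original post or of Google's billing code: a simulated store that signs a PURCHASE_STATE_CHANGED reply echoing the nonce, an app-side client that keeps a set of outstanding nonces and consumes each one on first use, and the replay run once against a client that checks the nonce and once against one that does not. The store's signing key, the HMAC used in place of the real RSA/SHA1 signature, the JSON field names and the order data are all constructed for this example.

```python
import base64
import hashlib
import hmac
import json
import secrets

# Constructed stand-in for the store's signing key. In the real protocol the
# store signs with an RSA private key and the app only holds the public key;
# an HMAC is used here so the example runs with the standard library alone.
_STORE_SIGNING_KEY = b"constructed-store-signing-key"


def store_sign(signed_data):
    """Store side: sign the JSON payload (HMAC stand-in for RSA/SHA1)."""
    mac = hmac.new(_STORE_SIGNING_KEY, signed_data.encode(), hashlib.sha256)
    return base64.b64encode(mac.digest()).decode()


def store_reply(nonce, order_id, product_id):
    """Store side: build a PURCHASE_STATE_CHANGED reply echoing the nonce.

    Returns (signedData, signature), the two extras the app receives.
    """
    signed_data = json.dumps({
        "nonce": nonce,
        "orders": [{"orderId": order_id, "productId": product_id,
                    "purchaseState": 0}],   # 0 = purchased (constructed)
    })
    return signed_data, store_sign(signed_data)


class BillingClient:
    """App side. check_nonce=False models the vulnerable client."""

    def __init__(self, check_nonce=True):
        self.check_nonce = check_nonce
        self._outstanding = set()   # nonces sent and not yet answered
        self.granted = []           # order IDs for which the item was delivered

    def request_purchase_info(self):
        """Send GET_PURCHASE_INFORMATION with a fresh CSPRNG nonce."""
        nonce = secrets.randbits(63)
        self._outstanding.add(nonce)
        return nonce

    def handle_purchase_state_changed(self, signed_data, signature):
        """Verify signature, then nonce, then deliver. Returns True if delivered."""
        if not hmac.compare_digest(store_sign(signed_data), signature):
            return False                      # forged or tampered payload
        data = json.loads(signed_data)
        if self.check_nonce:
            nonce = data.get("nonce")
            if nonce not in self._outstanding:
                return False                  # unsolicited or replayed
            self._outstanding.discard(nonce)  # single use: consume it now
        for order in data["orders"]:
            if order["purchaseState"] == 0:
                self.granted.append(order["orderId"])
        return True


def run_replay(check_nonce=True):
    """Play the attack from the answer. Returns (first_ok, replay_ok, items_granted)."""
    app = BillingClient(check_nonce)
    # Legitimate $100 purchase; the attacker records the signed reply.
    nonce = app.request_purchase_info()
    recorded = store_reply(nonce, "order-0001", "item_100usd")
    first_ok = app.handle_purchase_state_changed(*recorded)
    # Attacker fakes the unsigned "payment data available" notification; the
    # app asks the store again with a new nonce, and the attacker intercepts
    # that request and answers with the recorded reply instead.
    app.request_purchase_info()
    replay_ok = app.handle_purchase_state_changed(*recorded)
    return first_ok, replay_ok, len(app.granted)


def tampered_reply_rejected():
    """A reply whose signedData was edited must fail signature verification."""
    app = BillingClient()
    nonce = app.request_purchase_info()
    signed_data, signature = store_reply(nonce, "order-0002", "item_100usd")
    tampered = signed_data.replace("item_100usd", "item_1000usd")
    return app.handle_purchase_state_changed(tampered, signature) is False


if __name__ == "__main__":
    print("with nonce check:   ", run_replay(True))    # (True, False, 1)
    print("without nonce check:", run_replay(False))   # (True, True, 2)
```

The signature check alone accepts the recorded reply every time, because the reply is genuine; only the outstanding-nonce set tells the second delivery apart from the first. Two practical points the simulation leaves out: outstanding nonces should expire rather than accumulate forever, and the signature and nonce checks are stronger when done on your own server, where the attacker cannot patch the verifying code.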