Verifying in-app-purchases

霸气de小男生 submitted on 2020-01-14 07:45:24

Question

The sample app that the Google Developers guide refers to has a method called verifyValidSignature() that looks like this in the BillingManager class:

/**
 * Verifies that the purchase was signed correctly for this developer's public key.
 *
 * Note: It's strongly recommended to perform such check on your backend since hackers can
 * replace this method with "constant true" if they decompile/rebuild your app.
 */
private boolean verifyValidSignature(String signedData, String signature) {
    try {
        return Security.verifyPurchase(BASE_64_ENCODED_PUBLIC_KEY, signedData, signature);
    } catch (IOException e) {
        Log.e(TAG, "Got an exception trying to validate a purchase: " + e);
        return false;
    }
}

What exactly do they mean by "perform such check on your backend"? What backend?

This method is called from this method (also in BillingManager):

private void handlePurchase(Purchase purchase) {
    if (!verifyValidSignature(purchase.getOriginalJson(), purchase.getSignature())) {
        Log.i(TAG, "Got a purchase: " + purchase + "; but signature is bad. Skipping...");
        return;
    }

    Log.d(TAG, "Got a verified purchase: " + purchase);

    mPurchases.add(purchase);
}

I don't really understand what I'm supposed to do on said backend, that is to stop an attacker from simply removing

if (!verifyValidSignature(purchase.getOriginalJson(), purchase.getSignature())) {
    Log.i(TAG, "Got a purchase: " + purchase + "; but signature is bad. Skipping...");
    return;
}

just as easily as replacing verifyValidSignature() with "constant true" as the JavaDoc for verifyValidSignature() warns.

How would I stop an attacker from decompiling my app and replacing something to bypass my in-app-purchase check?

Source: https://stackoverflow.com/questions/50089175/verifying-in-app-purchases
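What "perform such check on your backend" amounts to in practice, as an added example that is not part of the original question or of Google's sample: the app only forwards purchase.getOriginalJson() and purchase.getSignature() to a server the developer controls, and the server runs the same RSA-SHA1 (PKCS#1 v1.5) check that Security.verifyPurchase does, using the Base64 X.509 public key from the Play Console. Because the private key is held only by Google, a client that edits the JSON or strips the in-app check cannot produce a signature the server will accept; the server, not the APK, decides whether to grant the entitlement. The Go code below is illustrative (the backend language is an assumption); DemoKeyAndSignature mints a constructed throwaway key pair to stand in for Google's signing key so the example runs offline, the purchase JSON and its field names are constructed sample data in the INAPP_PURCHASE_DATA format, and the packageName/productId/purchaseState comparisons go one step beyond the signature check the question shows.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha1"
	"crypto/x509"
	"encoding/base64"
	"encoding/json"
	"errors"
	"fmt"
	"strings"
)

// PurchaseData holds the fields of the Play purchase JSON the backend checks
// (assumed INAPP_PURCHASE_DATA names; other fields are ignored).
type PurchaseData struct {
	OrderID       string `json:"orderId"`
	PackageName   string `json:"packageName"`
	ProductID     string `json:"productId"`
	PurchaseState int    `json:"purchaseState"`
	PurchaseToken string `json:"purchaseToken"`
}

// verifySignature is the server-side counterpart of Security.verifyPurchase:
// Base64 X.509 public key, SHA1 over the raw JSON, RSA PKCS#1 v1.5 signature.
func verifySignature(base64PubKey, signedData, signatureB64 string) error {
	keyDER, err := base64.StdEncoding.DecodeString(base64PubKey)
	if err != nil {
		return fmt.Errorf("bad public key encoding: %w", err)
	}
	pub, err := x509.ParsePKIXPublicKey(keyDER)
	if err != nil {
		return fmt.Errorf("bad public key: %w", err)
	}
	rsaPub, ok := pub.(*rsa.PublicKey)
	if !ok {
		return errors.New("public key is not RSA")
	}
	sig, err := base64.StdEncoding.DecodeString(signatureB64)
	if err != nil {
		return fmt.Errorf("bad signature encoding: %w", err)
	}
	digest := sha1.Sum([]byte(signedData))
	return rsa.VerifyPKCS1v15(rsaPub, crypto.SHA1, digest[:], sig)
}

// VerifyPurchase is what the backend endpoint calls: signature first, then the
// signed fields must match the app and product the server is about to unlock.
func VerifyPurchase(base64PubKey, signedData, signature, wantPackage, wantProduct string) (*PurchaseData, error) {
	if err := verifySignature(base64PubKey, signedData, signature); err != nil {
		return nil, fmt.Errorf("signature check failed: %w", err)
	}
	var p PurchaseData
	if err := json.Unmarshal([]byte(signedData), &p); err != nil {
		return nil, fmt.Errorf("purchase JSON unparsable: %w", err)
	}
	if p.PackageName != wantPackage || p.ProductID != wantProduct {
		return nil, errors.New("purchase is for a different app or product")
	}
	if p.PurchaseState != 0 { // 0 = purchased; other values are pending/cancelled
		return nil, errors.New("purchase is not in the purchased state")
	}
	return &p, nil
}

// DemoKeyAndSignature is a CONSTRUCTED stand-in for Google's signing key so the
// example runs offline. In production only Google signs; the backend holds the public half.
func DemoKeyAndSignature(signedData string) (base64PubKey, signatureB64 string, err error) {
	priv, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return "", "", err
	}
	der, err := x509.MarshalPKIXPublicKey(&priv.PublicKey)
	if err != nil {
		return "", "", err
	}
	digest := sha1.Sum([]byte(signedData))
	sig, err := rsa.SignPKCS1v15(rand.Reader, priv, crypto.SHA1, digest[:])
	if err != nil {
		return "", "", err
	}
	return base64.StdEncoding.EncodeToString(der), base64.StdEncoding.EncodeToString(sig), nil
}

// SamplePurchaseJSON is constructed sample data in the Play purchase format.
const SamplePurchaseJSON = `{"orderId":"GPA.0000-0000-0000-00000","packageName":"com.example.app","productId":"premium_upgrade","purchaseTime":1578988800000,"purchaseState":0,"purchaseToken":"constructed-token"}`

func main() {
	pub, sig, err := DemoKeyAndSignature(SamplePurchaseJSON)
	if err != nil {
		panic(err)
	}
	_, err = VerifyPurchase(pub, SamplePurchaseJSON, sig, "com.example.app", "premium_upgrade")
	fmt.Println("genuine purchase accepted:", err == nil)
	// A client that edits the signed JSON cannot re-sign it without Google's private key.
	tampered := strings.Replace(SamplePurchaseJSON, "premium_upgrade", "lifetime_bundle", 1)
	_, err = VerifyPurchase(pub, tampered, sig, "com.example.app", "lifetime_bundle")
	fmt.Println("tampered purchase rejected:", err != nil)
}
```

The server should also record the orderId or purchaseToken it has already honoured so the same signed blob cannot be replayed for a second grant, and the entitlement itself (the unlocked content, a server-issued token) should come from the server response rather than from a flag the app sets locally.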
