xamarin.forms, in-app-billing, subscription, receipt-validation

How do you perform receipt validation for Android on Xamarin Forms?


I am following this guide to try and perform receipt validation: https://jamesmontemagno.github.io/InAppBillingPlugin/SecuringPurchases.html

It mentions that I must implement this interface: IInAppBillingVerifyPurchase. But it also mentions for Android that I must get a public key from somewhere and split it into three parts. My question is where do I get this public key from?


Solution

  • This seems to be provided by the Play Console of your application.

    To help ensure the integrity of the transaction information that is sent to your application, Google Play signs the JSON string that contains the response data for a purchase. Google Play uses the private key that is associated with your application in the Play Console to create this signature. The Play Console generates an RSA key pair for each application. You get this response JSON using the getOriginalJson() method within the Purchase class.

    Note: To find the public key portion of this key pair, open your application's details in the Play Console, click Services & APIs, and review the field titled Your License Key for This Application. The Base64-encoded RSA public key that is generated by Google Play is in binary encoded, X.509 subjectPublicKeyInfo DER SEQUENCE format. It is the same public key that is used with Google Play licensing.

    When your application receives this signed response, you can use the public key portion of your RSA key pair to verify the signature. By performing signature verification, you can detect any responses that have been tampered with or that have been spoofed.

    source: https://developer.android.com/google/play/billing/billing_library_overview#Verify-purchase
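
The signature check described in the quoted documentation, as an added example that is not part of the original answer or of the InAppBillingPlugin code. It assumes a runtime that provides `RSA.ImportSubjectPublicKeyInfo` (.NET Standard 2.1 / .NET Core 3.0 or later) and the SHA1withRSA scheme used by Google's billing sample code; the class name `PlaySignatureCheck` and the sample JSON are constructed for illustration.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

public static class PlaySignatureCheck
{
    // licenseKeyBase64: Base64 X.509 SubjectPublicKeyInfo key from the Play Console.
    // signedJson:       the exact string returned by Purchase.getOriginalJson().
    // signatureBase64:  the Base64 signature delivered alongside the purchase.
    public static bool Verify(string licenseKeyBase64, string signedJson, string signatureBase64)
    {
        if (string.IsNullOrEmpty(licenseKeyBase64) || string.IsNullOrEmpty(signedJson) ||
            string.IsNullOrEmpty(signatureBase64))
            return false;
        try
        {
            using (RSA rsa = RSA.Create())
            {
                rsa.ImportSubjectPublicKeyInfo(Convert.FromBase64String(licenseKeyBase64), out _);
                // SHA1withRSA = RSA PKCS#1 v1.5 signature over a SHA-1 digest.
                // Verify the JSON bytes exactly as received; re-serializing breaks the signature.
                return rsa.VerifyData(Encoding.UTF8.GetBytes(signedJson),
                                      Convert.FromBase64String(signatureBase64),
                                      HashAlgorithmName.SHA1, RSASignaturePadding.Pkcs1);
            }
        }
        catch (FormatException) { return false; }        // key or signature is not valid Base64
        catch (CryptographicException) { return false; } // bytes are not a usable RSA public key
    }

    public static void Main()
    {
        // Constructed test data: a locally generated key pair stands in for the
        // Play Console key pair, whose private half is held by Google Play.
        using (RSA signer = RSA.Create(2048))
        {
            string publicKey = Convert.ToBase64String(signer.ExportSubjectPublicKeyInfo());
            string json = "{\"orderId\":\"EXAMPLE-ORDER\",\"productId\":\"example_sub\",\"purchaseState\":0}";
            string sig = Convert.ToBase64String(signer.SignData(
                Encoding.UTF8.GetBytes(json), HashAlgorithmName.SHA1, RSASignaturePadding.Pkcs1));

            Console.WriteLine("genuine response:    " + Verify(publicKey, json, sig));
            Console.WriteLine("tampered JSON:       " + Verify(publicKey, json.Replace(":0}", ":1}"), sig));
            Console.WriteLine("malformed signature: " + Verify(publicKey, json, "not-base64!"));
        }
    }
}
```

In an app, the first argument is the license key string copied from the Play Console, and the other two are the signed data and signature passed to your IInAppBillingVerifyPurchase implementation.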