I am developing an in app billing application for Android
In this sample, the security module is hosted in the android device
I’m trying to implement the security module of In App Billing of this demo application Dungeons in a PHP remote server, following the billing best practices of google.
I encounter a some difficulties (I am not familiar with PHP), and I would like to know if :
-
Does anyone know if a PHP security module was already developed and open source?
-
Do I have to rewrite in my server all the JAVA code in PHP, or do I just need to rewrite the part verifying the signature, as this thread is doing?
I am not a pro in security ^^ and that’s why I have some difficulties in seeing what needs to be secured and how… (since in the JAVA code, it says that :
For a secure implementation, all of
this code should be implemented on a
server that communicates with the
application on the device
)
I really thank you if anyone has some tips.
Jer
The idea is to send signed data and the signature from the app to your web server. Then your webserver can verify the signature and allow access to protected content and such.
You would only need to rewrite the part verifying the signature, though you might find my php library for license verification useful.