Order Completes Without Payment!... #460
Comments
hyochan
added
🤖 android
|
One more thing i have to add here, All orders even if payment is declined they shows up in the Play Console Order management, but not these orders! there is no records for these order in Google Play console, looks like they were never asked for payments!. some error accured while asking for payment and .then excuted i am just guessing not sure |
|
I investigated further and find out that these are fake order and these fake purchases were made by a cheating tool/ app called lucky patcher, i watched this video https://www.youtube.com/watch?v=MYgW5wvgYdM and followed the steps in the video, and guess what?? i hacked(cheated) my own App and was able to place order without real money!!! my orders were getting completed without real payment!!.. So it is cheat not bug!... How can we stop it on client side? |
|
Temporarily i solved my problem but it is not a permanent fix, What i am doing is i am checking TransactionId if transaction id includes "GPA" in the start then it is a real order otherwise it is fake order.. As i told before that transactionIDs of fake orders only have numebrs like I hope someone have better solution |
|
You need to verify all the transactions on the server side using verifyReceipt APPLE endpoint. https://developer.apple.com/library/archive/releasenotes/General/ValidateAppStoreReceipt/Chapters/ValidateRemotely.html //edit; you are using Android, you need to do the same thing, but verify purchaseToken with google API on the server side |
|
I believe #510 will fix this. |
Version of react-native-iap
2.4.7
Version of react-native
0.59.3
Platforms you faced the error (IOS or Android or both?)
Android
Expected behavior
When payment is not made, .catch function must execute not the .then function
Actual behavior
I actually cannot figure out what the error really is because it doesnt happends on my device, its working good on my devices, but some users are getting the orders completed without payment!..
I am actually saving orders in my databases, whenever the user completes a purchase it is saved in my database with transaction id, Now shocking news is that it even generates a fake Transaction ID, I dont know when does this happens because it never happend with me on my device but it is actually happening with some users that they are getting their order without payment, I currently have 3 orders in my database with different transaction ids but all of them are fake transaction id when i go to play console and search for this transaction ID
2262958360117498352.5654626714164118i cannot find any order on console with this transaction id, its like a fake transaction id because the original starts withGPA.and the order is only saved to my database when .then promise excutes, so it means somehow .then promise is excuting without payment, and users are actually receiving the in-app product without payment!..
i am not even sure that this is a bug with play store or an error in the library!.. its happening with few users they are actually getting the products they never paid for!..
Tested environment (Emulator? Real Device?)
Emulator and real device both
Steps to reproduce the behavior
Dont even know why is this happening so no steps taken yet.
The text was updated successfully, but these errors were encountered: