
Apps Invalid IAB Purchases / Weird Receipts

SergioPrado

Lurker
Jul 19, 2017
2
0
Hi all! We've noticed that there are a lot of in-app billing payment records on our server that aren't reflected on Google Play Order Management. After looking at the receipts, we've noticed several differences between the ones from Order Management vs the ones that aren't there. For those that aren't on Order Management:
  • (Always) Order ID is apparently using the older format: 3925053605191231569.4699441885150531
  • (Always) purchaseToken is quite short: neliazyrqesvgwagglfwccfa
  • (Usually) title is almost the IAB item id, without an underscore: "standardannual subscription"
  • (Usually) description is almost the IAB item id, without an underscore: "standardannual_subscription"
  • (Usually) price is wrong and without the denomination (such as "0.11" or "0.26", rather than "$59.99")
Below is a passing and a failing order receipt.

After reading, my impression is that it's possibly fraudulent charges, but I don't have an intuition as to the likelihood. If it isn't fraudulent charges, we do have a lot of incentive to figure it out as we would be leaving money on the table. Google Play's help team has confirmed it wouldn't be an invalid credit card or spotty internet connection. Any thoughts on what would be going on would be awesome.

**failing receipt**
{"id":"standardannual_subscription","alias":"BodBot Plus - Annual","type":"paid subscription","state":"owned","title":"standardannual subscription","description":"standardannual subscription","priceMicros":26000000,"price":"0.26","currency":"USD","loaded":true,"canPurchase":false,"owned":true,"downloading":false,"downloaded":false,"additionalData":null,"transaction":{"type":"android-playstore","id":"3925053605191231569.4699441885150531","purchaseToken":"neliazyrqesvgwagglfwccfa","developerPayload":"","receipt":"{"orderId":"3925053605191231569.4699441885150531","packageName":"com.bodbot.trainer","productId":"standardannual_subscription","purchaseTime":1500112205250,"purchaseState":0,"developerPayload":"","purchaseToken":"neliazyrqesvgwagglfwccfa"}","signature":"A4uP+JUzu7UJfD56y9g1Btym7gHRUvnwb7dgxR9lswR9D3a21JkCKU0YWkDKBiFVSyfiwW3CLWTuamwNsXVKU5UXjI+krbvcMDjEUlrmhZP4LApGVpJQG4eSWqib7LkBBBZPXAMBuX5HL7hHk1XSwh/oKxnm0NqQIlD6kd4sVGypDvMdRUofHu5AfkcEYRC0YIg46AoipXurbaCXMbv3lQYXjs+TGl7GxFRIuiseCr9BReAgxV0lQ5XZylB/QIatwWYDdGfkGNMtu0Bc/lUet6f2TW+sflGpVDMHNWdcSQkl+A/DEVK67M8B/eVl/w8="},"valid":true}

**passing receipt**
{"id":"standardannual_subscription","alias":"BodBot Plus - Annual","type":"paid subscription","state":"owned","title":"BodBot Plus - Annual (BodBot Personal Trainer:\u00a0Workout\u00a0&\u00a0Fitness\u00a0Coach)","description":"BodBot Plus enhances BodBot's personalization through a suite of powerful \ntools.","priceMicros":59990000,"price":"$59.99","currency":"USD","loaded":true,"canPurchase":false,"owned":true,"downloading":false,"downloaded":false,"additionalData":null,"transaction":{"type":"android-playstore","id":"GPA.3389-7532-0097-99951","purchaseToken":"bhjlmpicpacconeppfjalipi.AO-J1OziYOBRhZsG12KwcvuyRpOc7zhRCDsyW8C-YfRphW3UeVTbHFbt5tKoQC0vaCGE-lMq-64Qu3zwkX2KRA9yjo1u0Wr93vlGBX2QKZMHR37B8rVsI2IZXWjpeTtR5qo29u79X7li","developerPayload":null,"receipt":"{"orderId":"GPA.3389-7532-0097-99951","packageName":"com.bodbot.trainer","productId":"standardannual_subscription","purchaseTime":1499974851578,"purchaseState":0,"purchaseToken":"bhjlmpicpacconeppfjalipi.AO-J1OziYOBRhZsG12KwcvuyRpOc7zhRCDsyW8C-YfRphW3UeVTbHFbt5tKoQC0vaCGE-lMq-64Qu3zwkX2KRA9yjo1u0Wr93vlGBX2QKZMHR37B8rVsI2IZXWjpeTtR5qo29u79X7li","autoRenewing":true}","signature":"PT1vE2lTe8geQ2JYi3YISSYxVNuQAWO3a4uzjMp+UEr3l/p95hVs4j1TAHKvnpyqB/+dQUSddLGjqcVPLTgXDBvET7owy3dqA3G//hrsw2ORewHyD3iPI/56lr8onTOry8nPZXL+z2ziBhCmiUNue3RhVteepVdnUMaGz8ws24VYgKP9u4g8fc7hBcrzI3rTcufrn4MCauB+XhVLHa0y/AREPnvYg4MjgrEwVjf8HhPU+7w8hMKfpt9XC6VVdwYAPH54pYJO+YEsnYNkHIPJNbGuq2eiW/GbCxwuKtuP9bmaB7RQFA/HCWLqQNkt7lkL+ch4my2+1QZEsIVDz9s0qQ=="},"valid":true}
 
Just guessing here, but could it be an app like Lucky Patcher (or any other piracy app) spoofing IAP?
It definitely sounds like it's a possibility, at least for some percentage of the invalid purchases. I'm particularly curious as to whether it would be for all of the invalid purchases; if that's the case, no problem, I can just put in checks to block them. If it doesn't explain everyone, I want to make sure to fix the issue so I'm not leaving money on the table by leaving a mistake at some point in the IAB flow.
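
The kind of server-side check mentioned in the reply above, as an added example that is not code from this thread: a Python screen that flags stored purchase records showing the traits listed in the first post. The function name, flag names, token-length threshold and expected-price table are assumptions inferred only from the two quoted receipts.

```python
import re

# Assumptions inferred from the two receipts quoted in this thread,
# not taken from a published Google specification.
MIN_TOKEN_LEN = 50   # failing token is 24 chars; passing one is far longer
EXPECTED_MICROS = {("standardannual_subscription", "USD"): 59_990_000}

def _norm(s):
    """Lower-case and drop spaces/underscores so 'a_b' and 'a b' compare equal."""
    return re.sub(r"[\s_]+", "", s or "").lower()

def receipt_anomalies(rec):
    """Return which of the traits listed in the post this stored record shows."""
    tx = rec.get("transaction") or {}
    pid, flags = rec.get("id", ""), []
    if not tx.get("id", "").startswith("GPA."):
        flags.append("order_id_format")
    token = tx.get("purchaseToken", "")
    if len(token) < MIN_TOKEN_LEN or "." not in token:
        flags.append("short_purchase_token")
    for field in ("title", "description"):
        if _norm(pid) and _norm(rec.get(field)) == _norm(pid):
            flags.append(field + "_echoes_product_id")
    if not re.match(r"\D", rec.get("price") or ""):
        flags.append("price_without_currency_symbol")
    expected = EXPECTED_MICROS.get((pid, rec.get("currency")))
    if expected is not None and rec.get("priceMicros") != expected:
        flags.append("price_mismatch")
    return flags

# Sample records abridged from the two receipts above (signature omitted).
FAILING = {
    "id": "standardannual_subscription", "title": "standardannual subscription",
    "description": "standardannual subscription", "priceMicros": 26000000,
    "price": "0.26", "currency": "USD",
    "transaction": {"id": "3925053605191231569.4699441885150531",
                    "purchaseToken": "neliazyrqesvgwagglfwccfa"},
}
PASSING = {
    "id": "standardannual_subscription", "priceMicros": 59990000,
    "price": "$59.99", "currency": "USD",
    "title": "BodBot Plus - Annual (BodBot Personal Trainer:\u00a0Workout\u00a0&\u00a0Fitness\u00a0Coach)",
    "description": "BodBot Plus enhances BodBot's personalization through a suite of powerful \ntools.",
    "transaction": {"id": "GPA.3389-7532-0097-99951", "purchaseToken":
        "bhjlmpicpacconeppfjalipi.AO-J1OziYOBRhZsG12KwcvuyRpOc7zhRCDsyW8C-YfRphW3UeVTb"
        "HFbt5tKoQC0vaCGE-lMq-64Qu3zwkX2KRA9yjo1u0Wr93vlGBX2QKZMHR37B8rVsI2IZXWjpeTtR5qo29u79X7li"},
}
for name, rec in (("failing", FAILING), ("passing", PASSING)):
    print(name, receipt_anomalies(rec))
```

Flagged records are candidates for reconciliation against Order Management, the comparison the first post describes doing by hand.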
 