diff options
| author | 2016-01-27 12:58:52 -0800 | |
|---|---|---|
| committer | 2016-02-01 11:06:01 -0800 | |
| commit | 74916a5682e3cc0918067a3e3d4fd09f7404af6f (patch) | |
| tree | 40eb4c3ee5cc1d6513a2b953a7e4112ff442f3f4 | |
| parent | b3631e96b61ad3194dc946fefbb66dc513ed2324 (diff) | |
docs: Recommend not using email address in payload string
See first comment for doc stage location.
bug: 26492391
Change-Id: I72c159f1a7b71ff67c0d2c5b634dcc72d9150e6a
| -rw-r--r-- | docs/html/google/play/billing/billing_best_practices.jd | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/docs/html/google/play/billing/billing_best_practices.jd b/docs/html/google/play/billing/billing_best_practices.jd index 9476ffb71e23..70084b8abbcd 100644 --- a/docs/html/google/play/billing/billing_best_practices.jd +++ b/docs/html/google/play/billing/billing_best_practices.jd @@ -100,6 +100,12 @@ Google Play returns this string together with the purchase details.</p> made the purchase, so that you can later verify that this is a legitimate purchase by that user. For consumable items, you can use a randomly generated string, but for non- consumable items you should use a string that uniquely identifies the user.</p> + +<p class="note"> + <strong>Note:</strong> Do not use the user's + email address in the payload string, since that address may change. +</p> + <p>When you get back the response from Google Play, make sure to verify that the developer payload string matches the token that you sent previously with the purchase request. As a further security precaution, you should perform the verification on your |