From 74916a5682e3cc0918067a3e3d4fd09f7404af6f Mon Sep 17 00:00:00 2001
From: Andrew Solovay
Date: Wed, 27 Jan 2016 12:58:52 -0800
Subject: docs: Recommend not using email address in payload string
See first comment for doc stage location.
bug: 26492391
Change-Id: I72c159f1a7b71ff67c0d2c5b634dcc72d9150e6a
---
docs/html/google/play/billing/billing_best_practices.jd | 6 ++++++
1 file changed, 6 insertions(+)
(limited to 'docs/html')
diff --git a/docs/html/google/play/billing/billing_best_practices.jd b/docs/html/google/play/billing/billing_best_practices.jd
index 9476ffb71e23..70084b8abbcd 100644
--- a/docs/html/google/play/billing/billing_best_practices.jd
+++ b/docs/html/google/play/billing/billing_best_practices.jd
@@ -100,6 +100,12 @@ Google Play returns this string together with the purchase details.
made the purchase, so that you can later verify that this is a legitimate purchase by
that user. For consumable items, you can use a randomly generated string, but for non-
consumable items you should use a string that uniquely identifies the user.
+
+
+ Note: Do not use the user's
+ email address in the payload string, since that address may change.
+
+
When you get back the response from Google Play, make sure to verify that the
developer payload string matches the token that you sent previously with the purchase
request. As a further security precaution, you should perform the verification on your
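Review bot: The added note ("Do not use the user's email address in the payload string, since that address may change") says what to avoid but not what to use instead, while the paragraph above it only asks for "a string that uniquely identifies the user". Suggest naming an acceptable alternative in the note itself, for example a stable, opaque account identifier issued by the developer's own backend. That way the check in the following paragraph ("verify that the developer payload string matches the token that you sent previously") still passes for non-consumable items after a user changes address. The rationale given covers only mutability. Because the hunk header states that Google Play returns this string together with the purchase details, it may also be worth adding that an email address is personal data that has no need to travel in the payload.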
--
cgit v1.2.3-59-g8ed1b