Hello,
I'm using the Inventory v1 purchase flow for the Google Play, mainly based on this guide: https://learn.microsoft.com/en-us/gaming/playfab/features/economy/tutorials/getting-started-with-unity-iap-android
I just found out a strange issue regarding not properly validated receipt by PlayFab. Here is the case:
User initialises purchase in the client
User cancels the payment (or at least that is what I assume)
A request is send to PlayFab to check if the receipt is valid. Google Play returns info that it is?
Player receives purchased item
Player never pays for the item
Steps 4 and 5 does not make any sense to me. I wasn't able to reproduce it on my side, maybe some bad actors are doing some trickery I can't figure out?
Here are all the resources I can provide:
Screenshot from Google Play console with order history:
An event from Data explorer:
{
"PlayFabEnvironment": {
"Application": "mainserver",
"Vertical": "master",
"Commit": "546a2ff",
"Cloud": "main"
},
"EventNamespace": "com.playfab",
"EntityType": "player",
"SourceType": "BackEnd",
"Timestamp": "2023-03-14T00:58:02.0439764Z",
"EventName": "player_receipt_validation",
"EntityId": "A1F5E1D44EC22FB5",
"EventId": "e9343cb909b54fd6912d3a4f1f04f890",
"TitleId": "4A27E",
"Source": "PlayFab",
"PaymentProvider": "Google Play",
"PaymentType": "ReceiptValidation",
"ReceiptContent": "{\"orderId\":\"GPA.3345-2466-7547-49095\",\"packageName\":\"com.xxx(hidden)xxx\",\"productId\":\"iap_store_gems005\",\"purchaseTime\":1678755424501,\"purchaseState\":4,\"purchaseToken\":\"ebnfjlhebbadmdibpgdajfdb.AO-J1OyLoZ2aFcqWSV3TQn9jhDjyfDoYdvPJV8n5dMKMTlTSZVvK1rnEzPVLrVr_r-PTCr6pUeiNnuxb8hunpstTcwj1Yzec6pq4oTaDCqyZGBWRanfMdP8\",\"quantity\":1,\"acknowledged\":false}",
"Valid": true
}
Overall screenshot of the whole situation:
Transaction ID: pchmbokmkkbcgkleojbneapj.AO-J1OwAJm-ax8NxBlEkJTj8YLKL2LI2ZBJtev0jEGH8_vmt9rpHOhs74jK5cje9Pr_pzwIS9vPqSXOD0GsD1s-txrtsD54fNaeEGeVuQenSQqra8XfchCE
I will appreciate for the helping hand regarding that, since that breaks game economy. How is it possible that Google Play handshakes with PlayFab and makes payment as successful even though the player haven't payed? Also based on Google Play payment status, it doesn't look like player issued a refund, since cancelation was immediate.
Thank you!