以下是Google 网站上应用内结算的安全和设计部分的一部分:
在服务器上执行签名验证任务
如果可行,您应该在远程服务器上而不是在设备上执行签名验证。在服务器上实施验证过程使攻击者很难通过对您的 .apk 文件进行逆向工程来破坏验证过程。如果您将安全处理卸载到远程服务器,请确保设备-服务器握手是安全的。
那么在这里,“让它变得困难”是否意味着无论如何,总是有可能破解应用内购买?
问问题
450 次
1 回答
1
This means your developed app, which you can upload to play store, is more secure from cracking it if you use a signature verficiation on a remote server. Almost every app can be decompiled, but if you store your verification process on a remote server, a cracker must get this too. He can not see it directly in the reverse enginneered source. There are many possibilities to make your .apk more secure from cracking it.
于 2013-05-11T20:32:21.667 回答