Android In-App Purchase transfer reconciliation - android-inapp-purchase

We have recently been tasked with adding In-App Purchases to our Android mobile application. We have completed this and have started testing small purchases internally in our production environment prior to release.
We're successfully performing the purchase and storing the result in our back-end database. We have a service that contacts the Google API daily to query about the PaymentState for the transaction.
Today our first test purchase changed to 1 (Payment Received).
We have not yet received the money transfer in our bank account, but it's probably on the way.
Our question is, once the PaymentState has changed to 1, how can we reconcile this with our bank account?
Our finance department doesn't like the sound of just trusting that we got the money. We want to ensure that each payment is accounted for in cash.
How are others accomplishing this?
Thanks

Does your bank offer any interface for a computer to interact with your bank account?
In Germany, almost all banks support either the Home Banking Computer Interface (HBCI) or its successor the Financial Transaction Service (FinTS) to connect arbitrary computer programs with the bank account and pretty much provide all services available on their web-based online banking sites via those interfaces as well.
With such an interface you could then check the transactions on your bank account programmatically and simply check if the transaction reference provided by Google has already arrived on your bank account.
Without knowing where you're based and what your bank is / what interface they provide, it's hard to provide more details. (There are multi-national/somewhat universal electronic interface standards for how banks communicate with one another, but these are usually not open to the customers and most likely don't provide the required data about one account's individual transactions)

Related

Authentication Service on GCP with data storage options in Europe

I am looking for "authentication as a service" (fully managed, Google or any other 3rd party) that provides authentication for a web-service on Google Cloud Platform with (user) data stored on servers located in the European Union.
Currently, we use Firebase Authentication with Google as Identity Provider for authentication. After the cancelation of the US-privacy-shield last summer, we formally have to search for something else, as Firebase Authentication is currently a US service only (https://firebase.google.com/support/privacy).
Please only technical advice, as we have discussed the lets-wait-and-see option in depth already.
I am aware that you are looking for technical advice only for another Europe based authentication service, but it may be worth mentioning that The Privacy Shield frameworks provided a mechanism to comply with data protection requirements when transferring EEA, Swiss, or UK personal data to the United States and onwards. In light of the recent European Court of Justice ruling on data transfers, Firebase has made updates to their terms to add the relevant Standard Contractual Clauses as adopted by the European Commission, which, as per the ruling, can continue to be a valid legal mechanism to transfer data under the GDPR.

Sabre air search and book flow

Hoping for a bit of guidance / reassurance on air search and book flow in Sabre (SOAP API) which I'm integrating with for a client website project.
My client is planning to take payment separately via a 3rd party payment gateway and also have a 3rd party ticketing robot.
The details I have been given from the ticketing robot company is that we should create the PNR then queue transfer to "International/Domestic Agent Q50" (with their PCC).
I've got access to and have been reading the Sabre Dev Studio, have access to the Sabre SOAP API (I have my client's credentials and PCC) and have followed the "Low Fare Search and Book" workflow here (https://developer.sabre.com/docs/read/workflows/Low_Fare_Search_and_Book) exchanging EnhancedAirBookRQ and PassengerDetailsRQ for CreatePassengerNameRecordRQ as advised on that page and inserting payment before, my proposed work flow is:
1) Create a token with TokenCreateRQ
2) Use token to perform a search with BargainFinderMaxRQ
3) Display results to customer, customer picks an itinerary / flight segments
4) Collect customer details from customer
5) External payment gateway takes payment for amount returned in BargainFinderMaxRQ
6) Book the desired flight segments using the orchestrated API CreatePassengerNameRecordRQ, including:
   - Adding passenger details and flight segments
   - Specifying that the payment was in cash
   - Performing the queue transfer?
I've got BargainFinderMaxRQ coded up and working.
I'm starting the integration with CreatePassengerNameRecordRQ and have noticed the price returned can be different to the price returned from BargainFinderMaxRQ. Which makes me question the above work flow. I selected it due to the easier integration (I can use tokens rather than manage a session and it's just one API call).
So, my questions:
1) Is my understanding correct, is this the correct work flow for the project? Given that my client is taking payment via an external payment gateway and want to display the final figure to the customer before they pay.
2) I'm struggling to understand how the ticketing robot fits into the process. Hoping for a steer on how that affects the PNR call(s). Do I still set the ticket type to "7TAW" and queue place onto their PCC + queue number?
Thank you for any help, greatly appreciated.
1) Yes, the process is correct, but there are scenarios in which airlines change fares or where the airline does not confirm the availability immediately, so when you price you are actually pricing an IATA fare, which is usually more expensive. For particular scenarios, I recommend you contact the API support.
2) The "7TAW", which is the ticketing time limit, is meant to have the limit set by the airline until when you can issue the ticket without having the possibility of losing the given price. Some airlines require that to be done on the same day of the booking (which is what you are setting with the 7TAW). Some airlines give you some days and some others can give you just 30 minutes after booking. It is almost impossible for us to respond on how the robot would require this to be provided, so for you to be sure, I would recommend checking with the owners of that robot and asking them how they would want it; maybe they don't even care.

Google Map API - Plan selection

We are planning to develop a web based application for one of the Research Institute.
Overview of the application:
It is survey application
It requires login credentials for data-entry operator to open web-app for collecting participant’s information
It has fixed number of login credentials for data-entry operators (No user registration)
Google Maps APIs will be used in this application for locating and collecting participant’s address details (Places Search APIs and Reverse Geocoding)
We have gone through the following links
https://developers.google.com/maps/pricing-and-plans/
https://developers.google.com/maps/terms
As this application will be used by Research Institute, We are not sure which plan (Standard/Premium) can be used for such type of application.
Also we are not able to connect with Sales team where we can evaluate the application for correct billing plan.
We need help on following items
Identifying correct plan/package for pricing and legal terms as the customer is a research institute
How can we connect directly to Google's sales team for clarifying or identifying correct plan as there is no direct support available except for Premium plan?
After different searches (googling) and contacts, we found the URL below to connect with the Google Support team for Map API queries
https://enterprise.google.com/intl/en_in/maps/contact-form/
Note: We got a response from the Google support team after approx. 7 days. So expect a minimum of 7 days for a response.
Hope this helps someone having a similar query.
Thanks!

Can firebase be used as a database in China now

I am now developing a social application. But recently I noticed that Firebase is blocked in China. So I want to make sure whether firebase can be used in China?
* EDIT 24 January 2020 *
Some of the information here might be out of date.
Firebase has a China service at https://firebase.google.cn/ which is not blocked in the PRC. (Thanks to #c-an for bringing this up.)
That said, *.google.com and *.googleapis.com are still blocked in China. I'll change/update this as I get more information.
Original Answer
For now Firebase is blocked and can't be used in China, along with other Google services, because the PRC has blocked all URIs with *.google.com and *.googleapis.com.
This also means, for example, that the Play app store can't be accessed from China. If you don't know what's going on between Google and the PRC, here's a primer.
Also, according to Chinese law, user data of Chinese citizens must be stored inside of the PRC. You might be able to get away with only addressing this once you have a significant number of users, but the trend has been for the CCP to crack down more and more on foreign information, even busting VPNs and declaring them illegal despite complaints of academics who say that they need, you know, real information.
As we're now in the run-up to the 19th Party Congress this autumn, we can expect the situation to get worse before it gets better. Maybe 2018 will leave room for relaxation?
For now, very sadly, forget anything Google in China, and be prepared to store user data of PRC citizens on servers located inside the Great Firewall. Also be prepared for seemingly random degradations of your service within China, or to be blocked altogether, along with these other blocked services.
Update 2017-11-23: The 19th Party Congress has come and gone and, if anything, Google services look less likely than ever to become available in China. The great firewall is likely to continue to be strengthened as the Chinese Communist Party extends its role into corporations, and foreign firms are generally disadvantaged.
Update 2018-08-05: Google plans to open a censored version of its search in China, according to leaked documents. It seems reasonable to assume that if a censored Google Search becomes available in the PRC, then Firebase and other Google Cloud products may as well. The censored search plan, code-named Dragonfly, has reportedly been in the works since December 2017, possibly a result of meetings that month between Google CEO Sundar Pichai and an unnamed top Chinese official when they met at the World Internet Conference in Wuzhen, China, where PRC General Secretary and President Xi Jinping gave a speech.
Update 2018-12-23: It appears that Google's Project Dragonfly is now on hold if not outright abandoned. This implies that the outlook for Firebase in China has worsened.
You can build your own REST API server outside of China, and make the server talk to Firebase REST API endpoints of Realtime db or Authentication, https://firebase.google.com/docs/reference/rest/database. So your web app talks to your REST API server (accessible from China), and your REST API server talks to Firebase.
The answer is NO :
Using a huge part of Firebase services, I contacted the support, this is the answer :
I'm glad you are considering Firebase for your project. However, in
accordance with current U.S. policies, it is not possible to use
Firebase from within certain countries. For more information about
these restrictions, please refer to the U.S. Department of the
Treasury website. The current list of blocked countries is listed
here. If you have end-users located within China, it's quite difficult
to access Firebase there since the use of Firebase requires Google
Play Services, which most of the devices in China don't have. We
understand that access to our products has been problematic from
within mainland China. We believe it may have been caused by
networking conditions in China, rather than Google's own services.
Since access to services is determined by the respective country's
government and they don't report to Google, the Transparency Report is
the most authoritative it can be.
I just tested and I am able to access my realtime database hosted on the Singapore region in China mainland. No need to modify anything. Whatever works overseas, works in China. Tested in Beijing.
Facing the same problem, if you are in China, install Astrill VPN and change from openweb to StealthVPN, connect to a server like USA for China one and login to Firebase. It will work successfully.

Deploying app with Crashlytics to Apple Appstore - do I need a privacy policy?

I am about to submit an app to the Apple AppStore built in Swift that uses Crashlytics to capture crash information. As users of Crashlytics know, some information about usage, duration, crashes, etc. is captured and stored on the Crashlytics servers. My application does not ask for, store or attempt to capture any user data.
My question is about the privacy policy for my application. Since I don't capture any user data, I want to state that in my privacy policy but I'm not sure that's factual since I am using Crashlytics. Any feedback on people that have used Crashlytics in their app and have an actual privacy policy?
Thanks
--Vinny
Quick answer: yes, you need that privacy policy. There are ways to get it done fast, too.
Longer answer:
Third parties (here Crashlytics)
When dealing with a third party service like this, often a quick look into their legal documents will help (for Crashlytics in this case as described in your question).
(...) At all times during the term of this Agreement, Developer shall
maintain a privacy policy (a) that is readily accessible to users from
its website or within its online service (as applicable), (b) that
fully and accurately discloses to its users what information is
collected about its users and (c) that states that such information is
disclosed to and processed by third party providers like Crashlytics
in the manner contemplated by the Services, including, without
limitation, disclosure of the use of technology to track users’
activity and otherwise collect information from users. (...)
And
Developer shall at all times comply with all applicable laws, rules
and regulations relating to data collection, privacy and security,
including, without limitation, the Children’s Online Privacy
Protection Act (“COPPA”). Crashlytics may, at its sole discretion from
time to time during the Term of this Agreement, audit Developer Data
to verify compliance.
Crashlytics is actually being unusually vocal about this topic.
The App Store
At the time of writing (and since iOS8) Apple requires privacy policies for 5 categories:
Kids Category, HomeKit, HealthKit, Apple Pay, and Keyboard Extensions. Also they require privacy policies for user registrations (more). I can't tell if any of the above for your app is true. Apple still says in their App Store Review Guidelines that you need to be compliant with all applicable laws. This brings us to the third and most important reason.
Privacy related regulations
All of the above is just there because of global privacy regulations, these companies would most likely not care otherwise. As soon as you work with User data you are mostly under an obligation to disclose these facts. It's personal data like names, addresses or the tracking of user behaviour. It's been written at length why analytics services need privacy policies. All of it is more important as soon as you share data and use third party services for it. Mostly the disclosure or some kind of consent is the condition for its compliant usage.
If you are interested in reading more about the matter in the context of mobile apps I'd suggest any of these documents:
ICO UK
Ireland
USA/California
Canada
Australia
Hope this helps.
(For proper disclosure: I do some work for iubenda, a tool that helps creating privacy policies for apps and websites)
Vinny, I think it's not mandatory (I've seen apps using Crashlytics without a privacy policy), but it's recommended to have transparency in the communications with your users.
Crashlytics already has a privacy policy so you can just use that policy and add a statement informing that you are not collecting any sensitive information from the user, such as email or phone number.
