Question about an issue encountered during certification review and how to handle it

  • Question

  • Hello, the feedback we received during certification review is as follows:

    App Policies: 2.1.2 In App Billing

    If your app includes in-app purchase, billing functionality or captures financial information, the following requirements apply:

     

    If your app includes in-app billing functionality or captures financial account information but does not use the Microsoft in-app purchase API provided by Windows Phone, the following requirements apply for the listed account types:

    • For all accounts:

      • At the time of the transaction or when you collect any payment or financial information from the customer, your app must identify the commerce transaction provider, authenticate the user, and obtain user confirmation for the transaction. The app can offer the user the ability to save this authentication, but the user must have the ability to either require an authentication on every transaction or to turn off in-app transactions. If your app collects credit card information or uses a third-party payment processor that collects credit card information, the payment processing must meet the current PCI Data Security Standard (PCI DSS).

    • For Individual and Student accounts:

      • Your app cannot collect sensitive financial account information or payment within the app.

      • You may accept payment outside the app through a pre-existing billing relationship and you may collect payment and personal account information outside of the app experience through an approved third-party payment processor or via a secure HTTPS website.

    Notification/Action Requested:

    The user is prompted for payment information from within the app or captures financial account information. Transactions must occur external to the app via a secure (HTTPS) website, or through a hosted control where the address bar is visible to verify the URL and HTTPS security.

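    However, our payment is completed inside the SDK rather than on a web page. The SDK and the server form a client/server architecture and communicate using an interface protocol we defined internally (which has its own signing and encryption/decryption mechanisms); we only use HTTP + JSON to define the message format.

    In this situation, can we pass certification without changing the payment method? How should we modify it to handle this properly?

    August 6, 2014 5:38

Answer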

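  • Hello,

    This is how I understand that passage: you need to use HTTPS to complete the payment, including any data transfer during the payment, but the HTTP + JSON you are using here is very likely the root cause of the app failing certification. Although you have your own internal encryption, decryption and signing mechanisms, Microsoft does not know your encryption method; it only knows that your app verifies over HTTP.

    I think you could perhaps state, when submitting for certification, that you have an internal mechanism to ensure messages cannot be cracked or leaked. However, this approach does not seem very reliable, so I recommend switching to HTTPS + JSON for a double guarantee.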

    --James


    <THE CONTENT IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND, WHETHER EXPRESS OR IMPLIED>
    Thanks
    MSDN Community Support

    Please remember to "Mark as Answer" the responses that resolved your issue. It is a common way to recognize those who have helped you, and makes it easier for other visitors to find the resolution later.

    August 7, 2014 6:52
    Moderator