I have two app on Google Play. The old and new one. And I would like to use old auth token to the new app to be easier for users.
I tried to use Play Install Referrer Library but it didn't work.
The other way was to use SharedPreferences
but MODE_WORLD_READABLE
has been deprecated.
Old APP :
try {
Intent intent = new Intent(Intent.ACTION_VIEW, Uri.parse("market://details?id=com.<PACKAGENAME>&token=pokpok&refresh_token=lolol"));
startActivity(intent);
} catch (Exception e) {
e.printStackTrace();
startActivity(new Intent(Intent.ACTION_VIEW, Uri.parse("https://play.google.com/store/apps/details?id=com.<PACKAGENAME>?token=pokpok&refresh_token=lolol")));
}
New APP code :
private fun shouldGetTokenFromOldApp() {
mReferrerClient = InstallReferrerClient.newBuilder(this).build()
mReferrerClient.startConnection(object : InstallReferrerStateListener {
override fun onInstallReferrerSetupFinished(responseCode: Int) {
when (responseCode) {
InstallReferrerClient.InstallReferrerResponse.OK -> {
// Connection established
val response: ReferrerDetails = mReferrerClient.installReferrer
val url = "https://play.google.com/store?${response.installReferrer}"
Log.d("APP", "Token old app 1 : $url")
val uri: Uri = Uri.parse(url)
val token = uri.getQueryParameter("token")
val refreshToken = uri.getQueryParameter("refresh_token")
Log.d("APP", "Token old app 2 : $token - $refreshToken")
mReferrerClient.endConnection()
}
InstallReferrerClient.InstallReferrerResponse.FEATURE_NOT_SUPPORTED -> {
// API not available on the current Play Store app
}
InstallReferrerClient.InstallReferrerResponse.SERVICE_UNAVAILABLE -> {
// Connection could not be established
}
}
}
override fun onInstallReferrerServiceDisconnected() {
// Try to restart the connection on the next request to
// Google Play by calling the startConnection() method.
}
})
}
This sounds like a nice thing to do for users, but seems very dangerous. You are sending an Auth token - something which if someone has it could allow them to login as that user anywhere off through untrusted systems like world readable files or referral parameters in URLs.
If you really need to do this, I'd suggest using some form of inter-app RPC (IPC) to communicate the token after the app is installed. One option would be a binder to a service that supplies the auth.