Hi.
I added Google subscription payment using Unity IAP, Codeless IAP.
72 hours after the user makes the subscription payment, it is automatically refunded.
I tried with a real personal account, but the subscription was automatically refunded even though I did not cancel.
Is it a problem with Unity IAP?
This problem did not occur when using Unity IAP version 1.18.0.
The problem occurs after updating to version 2.2.5.
I am using Unity IAP version 2.2.5 and Unity 2019.4.11f1 version and In-app purchasing package version 2.2.1.
How do you know it is refunded, please share a screenshot.
@JeffDUnity3D
The screenshot is a record of two other users’ subscription orders.
I checked it in the Google order history.
Thanks.
This is not an issue that we are aware of. Can you share the device logs when this happens? Sample IAP Project
As a result of contacting Google, I received the following answer.
If you use Google Play Billing Library 2.0 or later, you will automatically receive a refund if you do not acknowledge the purchase within 3 days and Google Play will cancel the purchase. Renewal of a subscription product does not require confirmation of purchase, but it is confirmed that all initial subscription orders require purchase confirmation.
Therefore, please check whether acknowledgePurchase() is properly implemented in your app. For more information, please refer to the following Android developer documentation.
What method should be used in Unity IAP for this?
We should be doing this already, you can see the acknowledge flag in the receipt. In your testing, did you wait 3 days, and then see the refund?
I made a purchase from an app that has already been distributed. Purchases were made in the same way as regular users in the actual distributed app. It was confirmed that the refund was automatically issued after 3 days.
You can see it in the screenshot from this thread.
In addition, when a one-month subscription test purchase is made with a test account, the results appear within 5 minutes, and an automatic refund is also provided.
It was said that the acknowledge flag could be checked, so I checked the log by test payment. It turns out false. The test payment details are shown in the Google order history.
What is the procedure for the acknowledge flag?
Are you checking the Consume Purchase flag on the IAP Button properties in the Inspector? We may have an issue but need to gather as much information as possible, we’ve heard previously of this same issue Subscription acknowledged false
I have the same problem.
I upgraded the IAP version to 2.2.7, but it still seems to happen.
Consumable products are handled normally.
However, non-consumable products are automatically refunded after 72 hours.
Can you share a solution for this?
Not entirely sure if this is related, since we’re only using consumable products, but we’ve had similar issues nonetheless. We had thousands of dollars worth of cancelled IAPs just last weekend on Android. There seems to be some kind of exploit that forces the purchases to cancel, not sure if it’s about the application, faulty payment method or something else. A user reported that they could abuse the Family Link to produce this: The purchase requires permission from a guardian but closing the application at the right moment will trigger the purchase anyway.
We’re using server backend to verify the receipts and this was happening with IAP version 2.2.6. In the Google Play console, these purchases have an “Order received” event, then “The order is being canceled” after a minute or so and “The order could not be completed and was canceled” five minutes later. The Family Link ones seem to have a wait time of over 24 hours before the cancel actually happens. The thing is, the Google API at our backend accepts the initial receipt before the cancel and the user gets their product. We have no idea how the users can cancel the purchases like this. Note that these are not refunds. We can see that the IAP plugin is sending errors of type “Unknown” as well.
We suspected that this must be an issue in Google’s end, because the faulty orders were accepted by their API and they’re the ones creating the orders, right? But we noticed that these started happening after we updated the plugin, so we blindly reverted the version to 2.1.1 (again). The issue was fixed and now we see the following events in the Play Console: “Order received”, then immediately “There was an issue charging the customer’s payment method” and after five minutes “This order could not be completed and was canceled”. The users do not get their product this time.
This makes us wonder how the plugin can affect the validity of the purchases or payment methods.
The Refund issue should be fixed in Unity IAP 2.2.6 and above, and In App Purchasing library 2.2.2 in Package Manager. Previous purchases will still have the issue, but new purchases (both consumable and non-consumable) should not see the auto-refund behavior.
I was using Unity IAP 2.2.7, and App Purchasing library 2.2.1 in Package Manager.
As it was an urgent problem, I downgraded to Unity IAP 2.2.3 version, which worked fine, and applied the patch.
As you said, I’ll try again after upgrading the App Purchasing library to version 2.2.2 in the next app update.
I double-checked, and we were using versions 2.2.6 and 2.2.2 in our problematic live build. Since we could not reproduce the problem ourselves and it was only exploited by users, I can’t provide any more details about our issue. We only know that reverting to 2.1.1 In App Purchasing library prevented these approved cancels from happening. I guess we’ll have to stick to the old version for as long as possible.
No, you’ll want to use IAP 2.2.6 or 2.2.7 to avoid the issue. Keep in mind that it doesn’t address purchases made with previous versions. If you can’t reproduce on 2.2.6, that means it’s fixed for you too.
What I’m saying is that the issue started after updating to 2.2.6 from 2.1.1. We had to make a hotfix and revert back to 2.1.1, and this seems to have prevented the exploit/authentication issues. We can’t reproduce the issue in 2.2.6, but only because we don’t know how the exploiters do it. But we can see that Play Store or our backend aren’t accepting these exploit attempts anymore with 2.1.1. The plugin version is the only difference here. So no, we won’t be using any version past 2.1.1 for now. We haven’t tried 2.2.7 in live environment and won’t dare to test it without knowing any more details, either.
It’s not an exploit, it was a bug in IAP. We were not properly setting the Acknowledge flag prior to 2.2.6 and purchased products were refunded after 3 days by the store.
Sorry about the confusion and posting to an unrelated thread, but our issue had nothing to do with subscriptions or the 3 day wait, the purchases were cancelled immediately by the player or possibly by some store automation later. Please see my earlier post: https://discussions.unity.com/t/823046/10
Again, we experienced this issue with version 2.2.6.
Got it. And “thousands of dollars”? From a handful (or a single) malicious user? If multiple users, that would imply more of a system issue, and not an exploit. And your mention of it being related to IAP version is indeed concerning, sorry I missed the context of your earlier message. I doubt that malicious users would suddenly and collectively identify a flaw in an app update that uses a new version of IAP. Again would imply a system issue. I will definitely keep an eye out for similar reports, so far you are the only one. It might make sense to open a new thread if you continue to see this issue so other users looking for similar info can find it.
I would say that there were about a dozen users who were doing this and about seven who seemed to make these types of purchases almost non-stop during specific hours (they were Indonesian). These purchases got cancelled very quickly after receiving the consumable (usually a minute or less). A few others got cancelled at around 26 hours after the purchase and we suspect these have to do with the Family Link based on feedback from a user who contacted our support.
Could it be that the changes in Google Play Billing Library 3 are causing this, such as the differences in the transaction identifier/orderId behavior? It’s hard to tell exactly which party is rejecting the faulty payment method when using IAP 2.1.1.
Comparing new and old receipts, the old ones don’t have things like acknowledgement flag. I noticed that it’s false for both valid and fraudulent purchases (although it is possible that it has changed after saving this data). Purchase state is 0 for the valid purchase and 4 for the invalid one, I don’t know what these should represent. There are crucial changes to purchase consumption and acknowledgement in BL3: What is the relationship with Unity IAP and our backend here? Does IAP consume/acknowledge the purchases? It seems like the backend should actually consume them manually, but how can we be sure that the purchase was valid from Unity IAP side?
I would not want to guess at the cause. You will want to use Receipt Validation. You can use PlayFab or ChilliConnect for example for server side validation or use this one (if you are not already). And non-stop purchases? That sounds like fraud. But a fraudster would not be contacting you. It could be an issue with an Indonesian bank process, we would have no control. https://docs.unity3d.com/Manual/UnityIAPValidatingReceipts.html If you can provide specific steps to reproduce, we could look into it.
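An added example, not part of the thread and not Unity's or any poster's code: one way a backend can gate delivery on the state fields discussed above, so that a product is handed out only for a completed payment and unacknowledged purchases are flagged before the 3-day window runs out. It assumes the record is the ProductPurchase resource returned by the Google Play Developer API `purchases.products.get`, whose numbering is not assumed to match the numbers seen in the client-side receipt; `Ledger`, `decide`, `ack_overdue` and the sample tokens are hypothetical names and constructed data.

```python
from dataclasses import dataclass, field

# purchaseState values of the server-side ProductPurchase resource.
PURCHASED, CANCELED, PENDING = 0, 1, 2
ACK_WINDOW_MS = 3 * 24 * 60 * 60 * 1000  # 3-day window quoted in the thread


@dataclass
class Ledger:
    """Hypothetical stand-in for the backend's table of fulfilled tokens."""
    granted: set = field(default_factory=set)


def decide(token: str, purchase: dict, ledger: Ledger) -> str:
    """Return 'grant', 'hold', 'reject' or 'duplicate' for one purchase token."""
    state = purchase.get("purchaseState")
    if state == PENDING:
        return "hold"        # payment not completed: deliver nothing yet
    if state != PURCHASED:
        return "reject"      # canceled, missing, or an unknown value
    if token in ledger.granted:
        return "duplicate"   # same receipt presented again
    ledger.granted.add(token)
    return "grant"


def ack_overdue(purchase: dict, now_ms: int) -> bool:
    """True when a paid purchase is still unacknowledged after the window."""
    age_ms = now_ms - int(purchase["purchaseTimeMillis"])
    return (purchase.get("purchaseState") == PURCHASED
            and purchase.get("acknowledgementState") == 0
            and age_ms > ACK_WINDOW_MS)


# Constructed sample records, keyed by made-up purchase tokens.
T0 = 1_600_000_000_000
DAY_MS = 24 * 60 * 60 * 1000
SAMPLES = {
    "tok-paid": {"purchaseState": 0, "acknowledgementState": 0, "purchaseTimeMillis": str(T0)},
    "tok-acked": {"purchaseState": 0, "acknowledgementState": 1, "purchaseTimeMillis": str(T0)},
    "tok-pending": {"purchaseState": 2, "acknowledgementState": 0, "purchaseTimeMillis": str(T0)},
    "tok-canceled": {"purchaseState": 1, "acknowledgementState": 0, "purchaseTimeMillis": str(T0)},
}

if __name__ == "__main__":
    ledger = Ledger()
    for tok, rec in SAMPLES.items():
        print(tok, decide(tok, rec, ledger), ack_overdue(rec, T0 + 4 * DAY_MS))
```

A record that `ack_overdue` flags is one the backend can still acknowledge itself through the same API's `purchases.products.acknowledge` method while the window is open.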