Targeting notifications, managing prices in different regions and other HMS features for online payments
In China, almost 900 million people use mobile internet, and 768 million of them make purchases through online payment systems. Behind these huge numbers is not only a high load on payment networks and servers, but also the need of mobile developers for convenient tools for working with transactions. To meet these requests, the Huawei Mobile Services platform is constantly developing tools for working with payments: a service for push notifications, a service for in-app purchases and the ability to pay with points from Huawei – we will tell about all this under the cut.
In-Apps purchase
In-Apps purchase is a payment service that allows users to make in-app purchases. For example, using IAP, you can organize in-game payments: players will purchase all kinds of virtual products, including subscriptions, without leaving the game.
Prices and languages in In-Apps purchases are managed by an embedded Product management system (PMS): it is enough to release one application package to promote it in all supported regions… Each location has one default currency and one language.
To protect user messages from eavesdropping or tampering, TLS is used to encrypt data and RSA is used for signatures. The data is encrypted and anonymized before being saved in the background. The cluster deployment and redundancy design are tailored for back-end servers, and real-time, 24/7 system monitoring facilitates troubleshooting.
IAP supports a variety of payment methods in 178 countries. Users can pay with bank cards, Alipay, WeChat, Carrier Direct Billing (DCB) and Huawei Points. Huawei provides a link to the product price in the app for each location based on the developer’s set converted price (including taxes) and exchange rate. You can change the price.
Users can link their cards and phone numbers to their Huawei IDs and make payments by entering the payment passwords they previously set. It is much more convenient than traditional payment methods.
Push kit
Push Kit is a cloud service for sending push notifications. The service, which we recently talked about in detail, supports a lot of useful functions: targeted mailings, sending notifications based on scripts and on a schedule, automatic language selection depending on the language of the recipient’s device system.
Push messages are sent via the AppGallery Connect interface. Another option is to connect to the Push Kit server over HTTPS. The service delivers notifications not only to Android / iOS devices and web applications. And not only notifications: with the Push Kit, you can send data directly to the app. The service supports the main cross-platform mobile development environments: React Native, Cordova, Xamarin, Flutter, etc.
Through the Push Kit interface, you can customize not only the appearance of notifications, but also the scripts that are executed when the user opens a push. Banks have long been using push notifications to inform customers about transactions, confirm transactions, etc. – it’s cheaper and easier than SMS.
Moreover, the Push Kit has the ability to display options for instant payment in the notification itself. For example, a user of a game application receives a push with an offer to pay for a subscription renewal or to buy a certain in-game product at a discount. In this case, a button to go to the payment screen appears in the notification.
Wallet kit
Wallet Kit is a virtual wallet on the HMS platform designed to store and use discount and gift cards, customer cards, coupons, tickets, keys, etc. The technology facilitates interaction between applications and users through location-based notifications, status updates in real time and NFC capabilities.
With Wallet Kit, the user can save flight boarding passes, event smart tickets and e-passes, connect to the smart lock at home or hotel room, and then use the phone as a key in NFC mode. Likewise, you can use the Wallet Kit instead of your car key. Moreover, such virtual keys are easy to share, for example, with family members.
You can add new cards or passes to Huawei Wallet through the webpage, email, SMS, Huawei Wallet Card Store, or the app. There are several methods of access and authentication: fingerprint, double-tap on the power button, home icon, or app icon. AI Selected functions are supported based on protocol and location.
Huawei Points
Huawei Points are Huawei Points that can be used to purchase virtual goods and pay for value-added services in HMS apps, including AppGallery, Huawei GameCentre, Themes, Video, Music, Mobile Cloud, and more.
Huawei Points are awarded for certain actions. To start earning them, you need a Huawei phone. In it, go to “Settings”, then “Huawei Account”, where you need to get access with the Huawei ID. In the section of payments and purchases, access to Huawei Points and all the options necessary to receive them will appear.
Where the number of points is indicated, we find a section called “Receive Huawei Points”, which offers options for receiving rewards. So, it is possible to earn points only for downloading applications. In other options, you need to invest money, for example, make purchases in applications, for which bonuses will be charged. Points must be claimed within 15 days after being credited to the account, otherwise the reward will be canceled.
Huawei Points cannot be redeemed for cash or used to purchase phones, tablets, headsets, or other physical items. But buying cloud storage, subscribing to the Huawei Video data plan, or purchasing paid apps is already something. If an agreement is concluded between Huawei and the app developer, the points can be exchanged for in-game currency – gold coins, diamonds, etc. To pay for any of these services, we perform the usual purchase process, only we choose not a card, but Huawei Points.
Application verification
Payment security in AppGallery is ensured by the Huawei Wallet, which has passed the PCI-DSS certification. But before entering the AppGallery, each app goes through a series of checks for Trojans, worms, viruses and other malicious files using the SecDroid threat detection platform from Huawei’s antivirus cloud. We also use antivirus engines from Avast and other well-known vendors.
Before the release of the application in AppGallery, it is mandatory to verify the identity of the developer or company. For Russia and other countries other than the PRC, this means that an individual provides a bank card and an identity document, such as a passport. Companies need to provide a business license or personal number DUNS…
The signature of the application is checked before downloading and installing on the user’s device. An encrypted channel is used for downloading – the HTTPS protocol ensures secure data transfer. Integrity checks are performed both at boot time and afterwards to prevent forgery of the installation package. Applications that fail validation cannot be installed.
EMUI has a built-in sandbox that allows applications to run in an isolated software environment: the system allocates a personal directory that other applications cannot access. EMUI also provides ASLR and DEP, which makes it impossible for attackers to exploit memory vulnerabilities.
How these services are used in Russia
In Russia, these services are being introduced most actively in the banking sector. Pioneers – the company mfms °which has successfully integrated Push Kit into its SDK to deliver push notifications. Now this solution is used by VTB, Alfa-Bank and Sberbank, where such notifications replace SMS with codes for payment, notifications of bank transactions, advertising, and so on. This lowers both distribution costs and implementation costs: with the SDK provided by mfms °, developers do not have to integrate APNs, FCM and Huawei Push Kit from scratch. Moreover, mfms ° have learned how to turn these push notifications into beautiful notifications in Russian with a branded name, logo and category of the store in which the user made a payment.
What services and payment tools do you use in your applications? Let’s discuss them in the comments: what are you missing in them, what new functions do you expect from the developers and what problems you encountered in your work.
