恕我直言，本地存储 getPurchasesList() 响应绝对没问题.我会详细说明.

IMHO, locally storing the getPurchasesList() response is absolutely fine. I'll elaborate a little bit more.

这完全取决于您的威胁模型是什么:对我来说，用户不能更改应用程序代码本身，也不能访问应用程序的私有存储.如果用户可以这样做，那么一切都会崩溃，因为用户可以愉快地删除或跳过限制应用功能的代码.

It all depends what's your threat model: for me, the user can't alter the app code itself nor access the private storage of the app. If a user could do that, then everything falls apart as the user can happily remove or skip the code that limits the app features.

因此，鉴于用户无法更改应用程序或访问应用程序私有存储的威胁模型，您可以轻松缓存 getPurchasesList() 响应令牌并在设备离线时使用它.

So, given a threat model of an user unable to alter the app nor access the app private storage, you can easily cache the getPurchasesList() response token and use it when the device is offline.

显然，对令牌的任何更新也必须反映到缓存中.(例如过期或退款状态)

Obviously, any update to the token must be reflected to the cache as well. (e.g. expired or refunded states)

我也同意你的观点，谷歌没有提供足够的信息来说明如何处理边缘情况，他们只是展示了一切都很好的情况.

I also agree with you that Google doesn't provide enough information on how to deal with edge cases, they just show the happy case where everything perfectly works.

我必须承认我没有仔细查看他们提供的示例应用程序:https://github.com/android/play-billing-samples

I must admit I didn't thoroughly look at the sample apps they provide: https://github.com/android/play-billing-samples