(UPDATED) Can someone explain how mymusic.com.ng charges users' phones?


#1

Hello,

I recently stumbled on mymusic.com.ng. I was eager to test how the platform works so I hit the download button.

I hit download and I got a text. See below.

Your purchase is successful. Here is your link to Pana. http://www.MyMusic.com.ng/412671491856599 You have 3 extra download attempts till Thu, Apr 13 2017…

In a bid to isolate the technology behind the seamless N30 charge.
Now my friend and I tried something. I shared my hot spot and my friend downloaded with Wi-fi.

Guess what?
I got the text message, not my friend whose phone was used to download.

The implication of this is that these guys must have partnered with telcos definitely. They don’t get your number from your hardware (device) but through your Network Provider. Now I don’t know what’s obtainable when you use Smile, Spectranet and the likes to download music. That’s my next move.

Another Experiment:
There was no airtime on my phone and I still shared my hotspot. My friend hit the download button again and he got “No sufficient airtime”.

I am eager to know how they pulled this off. I know its a cakewalk but still keen to know. Anyone got any idea?


#2

Hmmm Interesting


#3

Isn’t this experiment wild enough to pitch you reality or you’re all grey? Quite interesting anyways. Lets watch more comments.


#4

Yes… They are using what we call “Header Enrichment”

The HTTP Header Enrichment (HHE) capability provides solutions for a content provider to identify a subscriber.
Basic HHE allows the subscriber to be identified by their MSISDN.
Aliased HHE allows the subscriber to be identified without divulging the subscriber’s MSISDN.

A standard feature of the NowWAP Proxy is to provide Basic HTTP Header Enrichment to facilitate operator billing for HTTP based services, including Multimedia Messaging Services (MMS).

Basic HHE is enabled for all subscriber HTTP transactions that are forwarded to a configurable list of content provider hosts and/or domains (most frequently these are hosts within the operator domain, such as the operator MMSC).


How do I partner with a Telco to facilitate airtime-billing from my mobile app
#5

Interesting. Thanks for the heads up. Will love to get further explanation (an applied explanation).

Now @segunjosh, say I got a service that I want users to pay with airtime. How do I go about it?
Does one approach a Telco or agent companies that offer such services.

Thanks.


#6

UPDATE

If you use a wireless modem such as Smile, Spectranet etc. They will ask you to input your phone number. The transaction then occurs


#7

If I may ask is VAS provider involved in this or did my music.com.ng sign a deal with the telcos


#8

It could have gone both ways, but given that they have support for all telcos i would guess they are working with a VAS aggregator that is integrated to all four of the telcos.


#9

Sounds like a terrible way to handle authentication especially for something as sensitive as billing. At face value, it looks very prone to man-in-the middle attacks, replay attacks, session hijacking, and based on OP’s test, inadvertent impersonation.


#10

At some point they used : https://fortumo.com/