I am making a simple app with in app purchases as subscriptions
…
As of now i have not used any way to secure my app thinking that things are inbuild in kodular and further added by google
…
I am new in this field. Just was going through community about certain security extensions like hack Secure 4.1
…
If some one can guide what basic types of hacking which can be carried out on my app and prefered extension to use them
…
I have 2 fears
Can someone after downloading apk from Google, hack it and change the package name and republish with his account
Can someone remove the subscription part of the app and make free trial to premium
…
Are these things simple and do i need to do use any extension to gaurd against this
…
Thank you
Use phone number authentication to register or login to use your app, then someone can’t open app without login, and also login will failed if app is rebuild
@Taifun
If you can give your expert advice on this.
I have used your billing extension for using subscription
Kept things simpler as you have given in example in the billing extension
Acknowledge purchases : your app must consume or acknowledge all purchases. This is a new feature Google added into the Billing library to prevent fraud. If you don’t consume or acknowledge a purchase within three days, Google automatically revokes the purchase and refunds the user.
If your app has a validating server component, you should only acknowledge a purchase after successfully validating it.
Verifying purchases is not required, but is considered a best practice when selling in-app products. For more about how to fight fraudulent purchases, check out chapter Verify purchases before granting entitlements in the Fight fraud and abuse page and chapter Processing Purchases in the Integrate the Google Play Billing Library into your app page.
After verifying the purchase, your app then needs to acknowledge the purchase.
How the billing extension can help: If you decide to not verify the purchase, you can use the AutoAcknowledge feature of the extension to automatically acknowledge after purchasing. If you choose the verify the purchase, use the PurchaseUpdated event to get the purchase token and follow chapter Verify purchases before granting entitlements in the Fight fraud and abuse page. After successful verification then use method Acknowledge together with the purchase token to acknowledge the purchse.