Securing App from Hacker

I am making a simple app with in-app purchases as subscriptions.

As of now I have not used any way to secure my app, thinking that things are inbuilt in Kodular and further added by Google.

I am new in this field. I was just going through the community about certain security extensions like hack Secure 4.1.

If someone can guide me on what basic types of hacking can be carried out on my app and the preferred extension to use for them.

I have 2 fears

  1. Can someone, after downloading the APK from Google, hack it, change the package name and republish it with his account?
  2. Can someone remove the subscription part of the app and make the free trial premium?

Are these things simple, and do I need to use any extension to guard against this?

Thank you

You mean re-upload in Play Console?

It depends on your logic

Yes re-upload

If you use any authentication method, then this issue can be resolved


I don’t have 100% knowledge. But I think it is not possible.


Thanks for the reply.

My app is fully offline


try How To Use Lucky Patcher Android App - Lucky Patcher


Use phone number authentication to register or log in to use your app; then someone can’t open the app without logging in, and login will also fail if the app is rebuilt.


@Taifun
If you can give your expert advice on this.
I have used your billing extension for the subscription.
I kept things simple, as you have given in the example in the billing extension.

If your app is fully offline, no one other than the user can change app data. If the user changes app data, it will only affect his/her APK.

If you want to encrypt the data in the app itself, use this block:
obfuscated_text


For more security, you should Acknowledge all purchases after verifying them on your server…

Taken from the documentation at App Inventor Extensions: Billing | Pura Vida Apps

Acknowledge purchases: your app must consume or acknowledge all purchases. This is a new feature Google added into the Billing library to prevent fraud. If you don’t consume or acknowledge a purchase within three days, Google automatically revokes the purchase and refunds the user.
If your app has a validating server component, you should only acknowledge a purchase after successfully validating it.

Verifying purchases is not required, but is considered a best practice when selling in-app products. For more about how to fight fraudulent purchases, check out chapter Verify purchases before granting entitlements in the Fight fraud and abuse page and chapter Processing Purchases in the Integrate the Google Play Billing Library into your app page.
After verifying the purchase, your app then needs to acknowledge the purchase.

How the billing extension can help: If you decide to not verify the purchase, you can use the AutoAcknowledge feature of the extension to automatically acknowledge after purchasing. If you choose to verify the purchase, use the PurchaseUpdated event to get the purchase token and follow chapter Verify purchases before granting entitlements in the Fight fraud and abuse page. After successful verification, use the method Acknowledge together with the purchase token to acknowledge the purchase.

Taifun

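The verify-then-acknowledge order described in the post above, as an added Python example for the server side; it is not code from this thread or from the billing extension. It assumes the server has already fetched the SubscriptionPurchase record for the reported token from the Google Play Developer API, and the package name, product id, tokens, accounts and the `token_owners` store are constructed placeholders.

```python
from dataclasses import dataclass

EXPECTED_PACKAGE = "com.example.myapp"  # constructed placeholder
KNOWN_PRODUCTS = {"premium_monthly"}    # constructed placeholder
PAID_STATES = {1, 2}  # paymentState: 1 = payment received, 2 = free trial

@dataclass
class Decision:
    grant: bool
    acknowledge: bool
    reason: str

def verify_subscription(claim, play_record, token_owners, now_ms):
    """claim: what the app reported after PurchaseUpdated.
    play_record: SubscriptionPurchase fetched by the server for claim["token"],
    or None if Google Play does not know the token.
    token_owners: server-side map of purchase token -> account (hypothetical)."""
    if claim["package"] != EXPECTED_PACKAGE:
        return Decision(False, False, "unexpected package name")
    if claim["product_id"] not in KNOWN_PRODUCTS:
        return Decision(False, False, "unknown product")
    if play_record is None:
        return Decision(False, False, "token not known to Google Play")
    owner = token_owners.get(claim["token"])
    if owner not in (None, claim["account"]):
        return Decision(False, False, "token already used by another account")
    if play_record.get("paymentState") not in PAID_STATES:
        return Decision(False, False, "payment not completed")
    if int(play_record.get("expiryTimeMillis", "0")) <= now_ms:
        return Decision(False, False, "subscription expired")
    token_owners[claim["token"]] = claim["account"]
    # Acknowledge only now, after verification, and only if still pending.
    return Decision(True, play_record.get("acknowledgementState") == 0, "verified")

# Constructed sample data (not real tokens or API output).
NOW_MS = 1_700_000_000_000
GOOD = {"paymentState": 1, "expiryTimeMillis": str(NOW_MS + 86_400_000),
        "acknowledgementState": 0}
PENDING = dict(GOOD, paymentState=0)

def make_claim(token, account="alice", package=EXPECTED_PACKAGE):
    return {"package": package, "product_id": "premium_monthly",
            "token": token, "account": account}

if __name__ == "__main__":
    owners = {}
    print(verify_subscription(make_claim("tok-1"), GOOD, owners, NOW_MS))
    print(verify_subscription(make_claim("tok-1", "mallory"), GOOD, owners, NOW_MS))
    print(verify_subscription(make_claim("tok-2", package="com.example.repackaged"), GOOD, owners, NOW_MS))
    print(verify_subscription(make_claim("tok-3"), None, owners, NOW_MS))
```

The app should unlock premium features only when the server returns `grant`, and call Acknowledge with the purchase token only when it returns `acknowledge`.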
