Protection from hacking "In app purchase" on Android/iOS

Hey. How do you protect your application from “in app purchase” hacking on Android/iOS, as used by programs such as “Freedom”?

If someone has rooted their device, your options are pretty limited, and the right solution depends on the kind of hacks you’re trying to avoid. However, most solutions revolve around routing purchases through a server you control. Here are the Apple docs on that. You can actually set something like that up pretty easily with Google App Engine.

  1. You can set up a server for receipt verification.
  2. Once you get a purchase response from the server, send another request to the Google server to get all purchased products for the user. This will cross-verify the purchase.
  3. Don’t allow your app to run on rooted devices.
  4. Freedom’s fake transaction ID corresponds to billing format 2. Upgrade to Google billing format 3 and easily validate the transaction ID format.

Good luck. Let me know which solution worked for you.
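A sketch of points 1 and 2 above, added here as an example and not code from any poster in this thread: the server grants the item only after its own lookup with the store confirms the purchase, and each purchase token is credited once. The names `store_lookup`, `EntitlementServer`, the record fields and the sample tokens are hypothetical; a real server would replace `store_lookup` with a call to the store's verification API.

```python
# Constructed stand-in for the store's server-side purchase lookup.
# Field names (product_id, state) are assumptions made for this sketch.
FAKE_STORE = {
    "tok-real-001": {"product_id": "coins_100", "state": "purchased"},
    "tok-refund-002": {"product_id": "coins_100", "state": "cancelled"},
}


def store_lookup(purchase_token):
    """Return the store's record for a token, or None if the store never issued it."""
    return FAKE_STORE.get(purchase_token)


class EntitlementServer:
    """Grants purchases based on the store's answer, never on the client's claim."""

    def __init__(self, lookup):
        self.lookup = lookup
        self.redeemed = {}  # purchase token -> user it was credited to
        self.credits = {}   # user -> number of items granted

    def redeem(self, user_id, product_id, purchase_token):
        record = self.lookup(purchase_token)
        if record is None:
            # A token fabricated on the device is unknown to the store.
            return (False, "unknown_token")
        if record["state"] != "purchased":
            return (False, "not_purchased")
        if record["product_id"] != product_id:
            # A real token for a cheap item must not unlock a different one.
            return (False, "product_mismatch")
        owner = self.redeemed.get(purchase_token)
        if owner is not None:
            # Retries by the same user are idempotent; other users are refused.
            if owner == user_id:
                return (True, "already_granted")
            return (False, "token_already_used")
        self.redeemed[purchase_token] = user_id
        self.credits[user_id] = self.credits.get(user_id, 0) + 1
        return (True, "granted")
```

The client only ever sends the token and the product it claims to have bought; the unlocked content or balance lives on the server, so a patched client that reports a successful purchase locally gains nothing.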

Hi lilboylost, could you tell me how to implement point 3?

“Don’t allow your app to run on rooted devices.”

I’ve tested several on the net but they don’t work.

Thanks a lot.