Hello.
So I have this IAP on my app, and of course there're some people who use some APK Patcher to hack the IAP, where it becomes free.
My question is, can Validate Google Play Purchase prevent a patched APK where they alter the token and the IAP becomes free?
Thank you
Answer by Brendan · Jan 14 at 01:25 AM
Google Play receipts are signed using RSA. Realistically, the only way a player could modify a receipt and have it still pass the signature check would be if your Google License Key has leaked. If it has, you should get your Key changed, and update it in your title's Google Add-on settings in the PlayFab Game Manager.
Most hacks of IAP do one of a few things:
1. Modify the content of the receipt to change the item. This won't work because the signature check would fail in our validation call.
2. Substitute a valid receipt from a different game. Again, the signature check would fail (but also, it wouldn't contain valid items from your game), so this won't work either.
3. Completely bypass the online check of the receipt and just fake a good response from the call to check. You can't stop a hacker from changing the local logic, but that will have zero impact on the items in the player's inventory in PlayFab. So while they could make it look like they have an item locally, any server-side check of their inventory (in Cloud Script or hosted servers) won't be fooled.
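The three cases in the answer above, run against a server-side check. This is an added example, not part of the original answer and not PlayFab's code. It assumes the SHA1withRSA scheme Google Play uses for purchase signatures; the locally generated key pairs stand in for the store's signing keys, and `validateAndGrant`, `serverOwns`, the item ids and the receipts are hypothetical and constructed.

```javascript
const crypto = require("crypto");

// Constructed stand-ins for the store's signing keys. In production Google holds
// the private half; the server only has its own title's public license key.
const ourGame = crypto.generateKeyPairSync("rsa", { modulusLength: 2048 });
const otherGame = crypto.generateKeyPairSync("rsa", { modulusLength: 2048 });

// The signature covers the exact receipt string (SHA1withRSA), byte for byte.
function storeSign(receiptJson, privateKey) {
  return crypto.sign("sha1", Buffer.from(receiptJson), privateKey).toString("base64");
}

const CATALOG = new Set(["gems_100", "gems_1000"]); // hypothetical item ids
const inventory = new Map(); // server-side inventory: the only source of truth

// Hypothetical server-side handler: grants an item only when the receipt
// verifies under this title's public key. No client-side claim is consulted.
function validateAndGrant(playerId, receiptJson, signatureB64, publicKey) {
  const ok = crypto.verify("sha1", Buffer.from(receiptJson), publicKey,
    Buffer.from(signatureB64, "base64"));
  if (!ok) return { granted: false, reason: "bad signature" };
  const { productId } = JSON.parse(receiptJson);
  if (!CATALOG.has(productId)) return { granted: false, reason: "unknown item" };
  inventory.set(playerId, (inventory.get(playerId) || []).concat(productId));
  return { granted: true, reason: "ok" };
}

function serverOwns(playerId, productId) {
  return (inventory.get(playerId) || []).includes(productId);
}

function runScenarios() {
  const genuine = JSON.stringify({ orderId: "constructed-1", packageName: "com.example.ours", productId: "gems_100" });
  const sig = storeSign(genuine, ourGame.privateKey);
  // Case 1: receipt content edited after signing, original signature reused.
  const tampered = genuine.replace("gems_100", "gems_1000");
  // Case 2: a validly signed receipt, but signed for a different game's key.
  const foreign = JSON.stringify({ orderId: "constructed-2", packageName: "com.example.other", productId: "gems_1000" });
  const foreignSig = storeSign(foreign, otherGame.privateKey);
  return {
    tampered: validateAndGrant("cheater", tampered, sig, ourGame.publicKey),
    foreign: validateAndGrant("cheater", foreign, foreignSig, ourGame.publicKey),
    // Case 3: a patched client shows the item locally; the server record is unchanged.
    patchedClientOwns: serverOwns("cheater", "gems_1000"),
    genuine: validateAndGrant("payer", genuine, sig, ourGame.publicKey),
    payerOwns: serverOwns("payer", "gems_100"),
  };
}

console.log(runScenarios());
```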