brendan asked

Protecting my title from cloners

Question from a developer:

Let's say someone reverse engineers my game's APK and changes the package name. Will his cloned version of the APK be able to access my PlayFab account? If yes, then how can I prevent this?

So I have experienced app cloners twice: they reverse engineer the APK, replace the Ads IDs with theirs, change the package name, and re-publish the APK for their own gain. If this happens with my game, which is using PlayFab, then it will be such a mess, as my stats and load will be heavily affected.

CloudScript, In-Game Economy, Authentication, Custom Game Servers

1 Answer

brendan answered

I hate to tell you this, but there's no magic bullet when it comes to clones. Any protection you put on the code shipping to the client is right there on the client, meaning that with sufficient technical skill, someone can get it and use it the same way your title does. That said, there's a good write-up of the issue and the mitigation steps you can take in this post: http://stackoverflow.com/questions/13854425/how-to-avoid-reverse-engineering-of-an-apk-file.

At a high level, there are a lot of articles on protecting your title, such as:

http://ukie.org.uk/news/2015/05/how-does-indie-community-fight-game-clones

http://ukie.org.uk/news/2015/06/how-protect-your-ip-clones

Having a strong community is one of the best protections, since then you have a distributed network of folks working to help protect you as a developer. They can help to spot clones and notify platform owners (Google, in this case), so that they can get taken down more quickly.

On the PlayFab side, you do have some additional tools you can use. Any call coming into our service for your Title ID that's well formed is assumed to be from your title, as we do not control the client's device. So if someone clones your title exactly, users would show up in your game exactly as if they were playing the version you released. But let's break down the three categories of "level of investment" the cloner makes in trying to profit from your app:

  1. Cloner makes an exact copy of your game. For a free-to-play game, all profits from IAP are going to you. For a paid game, you need to have a registration mechanism that validates the user. If you were launching on Steam, for example, they couldn't do this - they'd have to go to the next level (their own app on the platform). But for platforms that don't have that protection, you'll need something more. One thing you could do is have an item in your Catalog which cannot be purchased, but which is necessary to play the game. Use the Coupon system to give it to users, so that when someone purchases the game, they get a coupon from you, which they use to get the item from the Catalog.
  2. Cloner makes his own app in the Google Play store. For a free-to-play game, our receipt validation calls fail for his title, so players can't purchase anything. For paid games, again you'd want something like the Coupon system described above. The cloner can't make Coupons for your title, so he'd have to go to the next level (re-create everything).
  3. Cloner puts in real work, creating his own app in the Google Play store, his own Studio and Title in PlayFab, and re-creates your in-game Catalog and Stores. For this case, whether free-to-play or paid, your best protection is to have key logic for how you run your game in custom game servers or Cloud Script, so that you have something they can't get at no matter what. They would have to reproduce all that logic as well - possible, but it takes more work. A lot more work, if you're using a custom game server to host much of the core game mechanics.
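One way to combine the coupon-granted Catalog item from case 1 with the server-side logic from case 3, as an added example that is not part of the original answer and not PlayFab's own code. The item ID, level table, statistic name, function names and the stub server are assumptions made up for illustration; `GetUserInventory` and `UpdatePlayerStatistics` are the Cloud Script server API calls.

```javascript
// Added example. Hypothetical names: ENTITLEMENT_ITEM_ID, LEVELS, completeLevel,
// makeStubServer, "HighScore". The rules below never ship inside the APK.
var ENTITLEMENT_ITEM_ID = "full_game_unlock"; // non-purchasable item, granted by coupon
var LEVELS = { 1: { maxScore: 1000 }, 2: { maxScore: 2500 } };

function completeLevel(server, playerId, args) {
  // 1. Entitlement: the player must hold the coupon-granted Catalog item.
  var inv = server.GetUserInventory({ PlayFabId: playerId });
  var owns = (inv.Inventory || []).some(function (item) {
    return item.ItemId === ENTITLEMENT_ITEM_ID;
  });
  if (!owns) return { ok: false, reason: "not_entitled" };

  // 2. Treat everything the client sends as a claim and validate it here.
  var levelId = args ? args.level : undefined;
  if (!Number.isInteger(levelId) || !LEVELS.hasOwnProperty(levelId)) {
    return { ok: false, reason: "bad_level" };
  }
  var score = args.score;
  if (!Number.isInteger(score) || score < 0 || score > LEVELS[levelId].maxScore) {
    return { ok: false, reason: "implausible_score" };
  }

  // 3. Only the server writes the statistic.
  server.UpdatePlayerStatistics({
    PlayFabId: playerId,
    Statistics: [{ StatisticName: "HighScore", Value: score }]
  });
  return { ok: true, score: score };
}

// In Cloud Script this would be registered as:
//   handlers.completeLevel = function (args) {
//     return completeLevel(server, currentPlayerId, args);
//   };

// Constructed stand-in for the `server` global so the logic runs offline.
function makeStubServer(ownedItemIds) {
  var stub = { writes: [] };
  stub.GetUserInventory = function () {
    return { Inventory: ownedItemIds.map(function (id) { return { ItemId: id }; }) };
  };
  stub.UpdatePlayerStatistics = function (req) { stub.writes.push(req); return {}; };
  return stub;
}
```

For this to hold, the title's API policy must also prevent clients from writing statistics directly, so the handler is the only write path.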