How to correctly secure an application that uses in-app purchases and local DB

I am currently developing a puzzle game for Android and I would like to have the following features when completed :

  • Free to play (ad-supported) so an active internet connection is required (unable to play if unable to display ads)
  • In-app purchase option to remove ads and connectivity check
  • In-app purchases for additional content

However I realize that there are many questions that stem from my requirements...

  1. Is it a good idea to have a single version and offer the option of removing ads via an in-app purchase rather than having 2 versions of the game on the Play Store? Maybe it is a better idea to have 2 separate apps, but then how could I share data between the 2? e.g. if a user buys additional content in the free version and then decides to buy the ad-free version, I would like the content he bought in the free version to also be available in his paid version.

  2. What are the best practices to ensure that the game cannot be 'hacked' to get the additional content for free? I understand that new content should not be included with the original app and should be downloaded separately once the purchase is made, but what can I do to prevent a user who has bought some content from redistributing it freely? After all, 'downloading additional content' is simply contacting a server to get data and then adding it to the local DB.

  3. The only way I see to implement the 'no ads and offline play' version (without having 2 distinct versions on the Play Store) is by updating a simple field in the local DB, but this does not seem like a clever solution, because then a tech-savvy user could simply flip this bit himself to unlock the ad-free version. What is the best way to prevent this?

Thanks!

p.s. Well, answers are not pouring in... Upvote this question for more visibility if you want it answered!

Bruno asked Aug 09 '12 19:08
1 Answer

Well, it is very unlikely that a normal user can access the /data partition (application data), but if you want to play safe, you can use SQLCipher (transparent 256-bit AES encryption of database files).

You can check its example at:

http://sqlcipher.net/sqlcipher-for-android/

Thanks, Munish

Munish Katoch answered Nov 15 '22 00:11
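As an added illustration of the answer's suggestion (this is not code from the answer or from the SQLCipher project), the following Android helper keeps the "ad-free" entitlement from question 3 in a SQLCipher-encrypted database instead of a plain SQLite file. It assumes the `net.sqlcipher` dependency is on the classpath; the table name `entitlement`, the column names, the database name and the caller-supplied passphrase are all illustrative assumptions.

```java
// Added example, not from the original answer: a minimal SQLCipher-for-Android
// helper that stores purchase entitlements in an encrypted database.
// Assumes the net.sqlcipher dependency; schema and names are illustrative.
import android.content.ContentValues;
import android.content.Context;
import android.database.Cursor;
import net.sqlcipher.database.SQLiteDatabase;
import net.sqlcipher.database.SQLiteOpenHelper;

public class EntitlementStore extends SQLiteOpenHelper {
    private static final String DB_NAME = "game.db";   // illustrative name
    private static final int DB_VERSION = 1;
    private final char[] passphrase;

    // The passphrase is supplied by the caller on purpose: a constant compiled
    // into the APK is recoverable by anyone who decompiles the app, which would
    // reduce the encryption to an obstacle rather than a secret.
    public EntitlementStore(Context context, char[] passphrase) {
        super(context, DB_NAME, null, DB_VERSION);
        // Loads the native SQLCipher library; must run before the first open.
        SQLiteDatabase.loadLibs(context);
        this.passphrase = passphrase;
    }

    @Override
    public void onCreate(SQLiteDatabase db) {
        // One row per SKU; "granted" is the flag the question worries about.
        db.execSQL("CREATE TABLE entitlement (sku TEXT PRIMARY KEY, "
                + "granted INTEGER NOT NULL)");
    }

    @Override
    public void onUpgrade(SQLiteDatabase db, int oldVersion, int newVersion) {
        // No schema migrations in this example.
    }

    // Record a purchase, e.g. grant("remove_ads") after a successful checkout.
    public void grant(String sku) {
        SQLiteDatabase db = getWritableDatabase(passphrase);
        ContentValues row = new ContentValues();
        row.put("sku", sku);
        row.put("granted", 1);
        db.insertWithOnConflict("entitlement", null, row,
                SQLiteDatabase.CONFLICT_REPLACE);
        db.close();
    }

    // Read the flag back; the file on disk is ciphertext, so editing it with a
    // SQLite browser without the passphrase yields garbage rather than a row.
    public boolean isGranted(String sku) {
        SQLiteDatabase db = getReadableDatabase(passphrase);
        Cursor c = db.rawQuery("SELECT granted FROM entitlement WHERE sku = ?",
                new String[]{sku});
        boolean granted = c.moveToFirst() && c.getInt(0) == 1;
        c.close();
        db.close();
        return granted;
    }
}
```

The caveat a practitioner should keep in mind is that the passphrase still has to be available to the app at runtime, so on a rooted device a determined user can recover it along with the database. Encrypting the file raises the bar against casually flipping the bit, but it does not by itself make the local flag trustworthy; the entitlement is only as strong as whatever check (for example re-validating the purchase with the store or your own server, as the question's "contacting a server" step already implies) produced it.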