Store important data in internal storage

Question

I'm trying understand which is the best way to store sensitive data in Android. In my app i want to insert a classic in-app-purchase model with some coins. My problem is that i'm not sure how to implement this correctly. The initial idea was to simply use my firebase database, store the number of coins for every user and fetch the data every time the app is launched. This way I can easily detect some inappropriate usage but my users are forced to use the internet to play. Looking at the documentations, I found this. Can this be a solution? Can I save in the internal storage the number of coins, maybe with some type of encryption, to avoid root user to modify the file? Then when the internet is on I can double-check the local stored variable with the the one in the database. Thanks

Answer 1

Not an "easy" task. Technically, you can create a SecretKey and encrypt data, so no normal user will be able to reproduce. If your concern are root users, You are kind of out of luck, as he can hook into your app while it is reading/writing that value.

But to store it online is not a solution in itself. You have to answer questions like: "Do you trust any server input"? "How to make sure just paid coins are added"?

Have you had a look at Google Play billing?

it provides safe way's to determine if somebody paid or not. This will require to be online.