We’re happy to announce that the SOOMLA Store SDK now supports receipt validation for Android. This latest development, which was much awaited by our developer community, is another layer in our secure in-app purchase stack, which supports our commitment to preventing IAP fraud. The validation uses our dedicated complimentary server. Don’t sweat it if you don’t know how to set up a server; we’ll pick up the tab on that one.
This latest feature has also been integrated into our Unity and Cocos2d-x plugins to ensure that developers using game engines can benefit from it as well. In Unity, using Android receipt validation is as easy as ticking a checkbox. You also need to configure a few things with Google and provide your OAuth credentials. This is explained in depth in our knowledge base.
Developers using GROW analytics gain automatic access to our fraud protection analytics. Our analytics integration does not use custom based events and is able to filter out fraud to give you more accurate reporting.
Receipt validation, also known as server-side verification, is a best practice for developers who employ in-app purchases in their games (and who isn’t today, right?). For those of you who aren’t familiar with receipt validation, the general concept is to double-check a transaction with a third-party server, which in turn validates it with Google Play’s servers. The reason for doing this is that malicious users could potentially “crack” their devices’ IAP by installing a piece of software that emulates the purchase process. These crackers usually hijack purchase requests and direct them to fraudulent servers that return a response similar to the one returned by Google Play, even though the transaction is never really committed. The solution to this scenario is to validate the receipt that’s returned at the end of the purchase with a dedicated server that you trust, which will validate the receipt on your behalf with Google Play. Since it’s your dedicated server (or in this case, SOOMLA’s dedicated server), it’s much harder to crack the link between that server and Google Play. This process is very similar to receipt validation in iOS.
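The server-side decision described above, as an added example that is not SOOMLA's server code. The store lookup is a hypothetical injected function backed by constructed records in place of the authenticated call to Google Play, and the replay check on already redeemed tokens goes beyond what this post describes.

```python
from dataclasses import dataclass
from typing import Callable, Optional, Tuple

# purchaseState values from the Google Play Developer API
# (purchases.products.get): 0 = purchased, 1 = canceled, 2 = pending.
PURCHASED = 0

@dataclass(frozen=True)
class Receipt:
    """Fields the game client uploads after a purchase; all untrusted."""
    package_name: str
    product_id: str
    purchase_token: str

class ReceiptValidator:
    """Grants an item only when the store itself confirms the purchase."""

    def __init__(self, lookup: Callable[[Receipt], Optional[dict]], package: str):
        self._lookup = lookup      # hypothetical hook: asks the store about a token
        self._package = package    # the only app this server validates for
        self._redeemed = set()     # tokens already granted (in memory for the demo)

    def validate(self, receipt: Receipt) -> Tuple[bool, str]:
        if receipt.package_name != self._package:
            return False, "wrong package"
        record = self._lookup(receipt)  # server-to-store call, made off the device
        if record is None:
            return False, "token unknown to store"  # emulated purchase lands here
        if record.get("purchaseState") != PURCHASED:
            return False, "not in purchased state"
        if receipt.purchase_token in self._redeemed:
            return False, "token already redeemed"
        self._redeemed.add(receipt.purchase_token)
        return True, "ok"

# Constructed records standing in for what Google Play would report.
CONSTRUCTED_STORE = {
    ("com.example.game", "coins_100", "tok-paid"): {"purchaseState": 0},
    ("com.example.game", "coins_100", "tok-canceled"): {"purchaseState": 1},
}

def constructed_lookup(receipt: Receipt) -> Optional[dict]:
    key = (receipt.package_name, receipt.product_id, receipt.purchase_token)
    return CONSTRUCTED_STORE.get(key)

if __name__ == "__main__":
    validator = ReceiptValidator(constructed_lookup, "com.example.game")
    for token in ("tok-paid", "tok-paid", "tok-forged", "tok-canceled"):
        print(token, validator.validate(Receipt("com.example.game", "coins_100", token)))
```

In a deployment the lookup would be an HTTPS request to Google Play authorized with the OAuth credentials mentioned earlier, and the redeemed-token set would live in durable storage.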
Check out these slides for more details: