-1

Here's the problem: I'm creating my new game which has some inapp items. I am using the Starling Framework for the game so I develop on AS3. I want to protect the game from genius(!) players who may attempt to break into inapp purchase process.

AS3 calls an in-app ANE (Milkman's), when a success returns from the ANE, my AS3 code sends an acknowledgement to my game server. So a malicious player can always send this acknowledgement info to my server without completing the in-app purchase process as if it was completed successfully.

So I thought of creating my own ANE which will also send this acknowledgement after it completes the process, so no AS3 code to mess with. I also don't want to use Java on Android to make things a little harder so I wonder if it's possible to call C++ code (which calls JNI for in-app purchases) from AS3.

Élodie Petit
  • 5,774
  • 6
  • 50
  • 88
  • I'd check Kongregate API on how do they do payment verification, and do alike. This is a pretty hard topic, how to protect from fake data submission. – Vesper Jul 22 '16 at 13:38
  • Rule of thumb: rolling your own security solution is a bad idea. – null Jul 23 '16 at 10:45

1 Answers1

1

Milkman ANE is fine to use, google play has a proper secure way to protect your purchases from hacking - check out billing-security for GooglePlay. iTunes also has similar solution.

The main idea is to verify a purchase on server side with a private key which is only available for provider store (google play or iTunes) and your backend.

fsbmain
  • 5,267
  • 2
  • 16
  • 23