How do I protect a users purchases?

  • Hi, I want to add IAP and a store that uses currency you can ear in game. In addition you can purchase more currency with real money (IAP). I know that you can test to see if the user has purchased an item, but how can I protect them from clearing their cache or re installing? My fear is that someone will spend $1 for 1,000 of in game money, and potentially lose that 1,000 if they have to clear their cache for some reason. Is there a way to protect them from this without having to set up servers?

  • No. You must set up servers (or contract someone to do it for you).

    The browser is unsecurable. So you should never, never, never rely on client-side security.

  • No. You must set up servers (or contract someone to do it for you).

    The browser is unsecurable. So you should never, never, never rely on client-side security.

    So does everyone who uses IAP set up servers or just put a warning?

  • They all use servers. Otherwise you are throwing your customers (or yourself) under the cybersecurity bus by letting people steal their data (or letting them manipulate yours; like giving themselves free credits).

  • Try Construct 3

    Develop games in your browser. Powerful, performant & highly capable.

    Try Now Construct 3 users don't see these ads
  • They all use servers. Otherwise you are throwing your customers (or yourself) under the cybersecurity bus by letting people steal their data (or letting them manipulate yours; like giving themselves free credits).

    Alright, thanks for the info. Would it still be risky to use a pay to remove ads feature? That would not require servers, correct? It would just require the game to check if the IAP has been made through their Google/Apple account so it can restore the purchase.

  • I don't see how you can escape a server. The very basis of Construct is HTML games, which implies a web server to run your HTML files on. I guess I am a little confused by your skittishness with servers.

    The server is the only safe place where you can do any kind of state tracking. The client only exists to display whatever the server tells it to. You cannot really run an HTML game apart from a server.

    State tracking server-side is done by sessions, like this: http://machinesaredigging.com/2013/10/2 ... sion-work/

  • I don't see how you can escape a server. The very basis of Construct is HTML games, which implies a web server to run your HTML files on. I guess I am a little confused by your skittishness with servers.

    The server is the only safe place where you can do any kind of state tracking. The client only exists to display whatever the server tells it to. You cannot really run an HTML game apart from a server.

    State tracking server-side is done by sessions, like this: http://machinesaredigging.com/2013/10/2 ... sion-work/

    https://play.google.com/store/apps/deta ... .com&hl=en

    It is a mobile game, not web or desktop. It is my first game and more of a learning tool for me. I did not want to spend money on servers just yet since it is a simple high score game with not much depth. I would like to add more features which is why I am trying to get more info on IAP or in game stores.

  • You do not have to use a server, most stores (iap restore purchases) will provide a way to deal with lost data.

    If you do want to keep a users data, and don't want to own a server, you can use a service.

  • You do not have to use a server, most stores (iap restore purchases) will provide a way to deal with lost data.

    If you do want to keep a users data, and don't want to own a server, you can use a service.

    Thanks

Jump to:
Active Users
There are 1 visitors browsing this topic (0 users and 1 guests)