
Refund of In-App Purchase

The Exploit:

Requesting refunds for in-app purchases after the in-game reward has already been granted.

How does it work?

Most freemium games offer in-app purchases (IAP), but the purchase flow is usually designed so that the moment a player completes a purchase, the game rewards them with in-game currency.

Fraudsters buy some IAP and then request a refund from Google or Apple. Most developers never re-check whether past receipts are still valid, so the refunded player keeps the in-game currency for free.

How to fix it?

Check the validity of past receipts whenever the game starts and deduct in-game currency if there is any discrepancy. Allow the in-game currency balance to go negative, and after repeated offences you can choose to ban the player.
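As an added example (not code from the original post), the reconciliation step described above written in Python for a server-side wallet check: the refunded order ids are a constructed stand-in for what the store's refund lookup would return, and the three-strike ban threshold is an assumed policy.

```python
from dataclasses import dataclass, field

BAN_THRESHOLD = 3  # assumed policy: third confirmed refund -> ban


@dataclass
class Purchase:
    order_id: str
    granted_coins: int
    reconciled: bool = False  # True once its refund has been deducted


@dataclass
class Wallet:
    coins: int
    purchases: list[Purchase] = field(default_factory=list)
    refund_strikes: int = 0
    banned: bool = False


def reconcile(wallet: Wallet, voided_order_ids: set[str]) -> int:
    """Deduct coins for every refunded purchase not yet reconciled.

    `voided_order_ids` stands in for the order ids a real store lookup
    (Google Play voided purchases / Apple receipt re-validation) reports
    as refunded. Returns total coins deducted. The balance may go
    negative so an abuser cannot spend ahead of the refund; each new
    refund is a strike and BAN_THRESHOLD strikes flag the player.
    """
    deducted = 0
    for p in wallet.purchases:
        if p.order_id in voided_order_ids and not p.reconciled:
            wallet.coins -= p.granted_coins
            p.reconciled = True  # idempotent: never deduct the same refund twice
            wallet.refund_strikes += 1
            deducted += p.granted_coins
    if wallet.refund_strikes >= BAN_THRESHOLD:
        wallet.banned = True
    return deducted


# Constructed sample: three purchases granted 1600 coins, 150 were spent,
# then the two larger purchases were refunded at the store.
SAMPLE_WALLET = Wallet(coins=1600 - 150, purchases=[
    Purchase("GPA.0001", 100), Purchase("GPA.0002", 500),
    Purchase("GPA.0003", 1000)])
SAMPLE_VOIDED = {"GPA.0002", "GPA.0003"}

if __name__ == "__main__":
    print(reconcile(SAMPLE_WALLET, SAMPLE_VOIDED), SAMPLE_WALLET)
```

Running the check on every launch is safe because already-reconciled purchases are skipped, so a refund is only ever deducted once.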

How to check for validity of purchases?

Google Play has published a helpful article and an API for detecting refund fraud:

Prevent Refund Frauds

For the Apple App Store, you can validate the receipts: Receipt Validation

For those using the Unity API, you can use the Unity IAP API: Unity Receipt Validation

Hope this article helps some developers out there.
