Solved

Prevent bypass and hacking in-app purchase

  • September 27, 2023
  • 4 replies
  • 2595 views


My iOS/Android app was hacked by some users and now they can bypass the payment process and access all the pro content of my app.

Does RevenueCat help prevent that by double authenticating before unlocking the pro content?

This post has been closed for comments

4 replies

Andy
RevenueCat Staff
  • RevenueCat Staff
  • 237 replies
  • Answer
  • September 27, 2023

Hi @waleed! I’m sorry to hear that, although I guess it’s a sign that you are selling stuff that people want!

The good news is that RevenueCat does help prevent this.

We launched a feature called Trusted Entitlements a few months ago, which adds an extra layer of signing and verification to ensure that users can’t access your pro content without paying.

Here are our docs for usage and setting it up, which is done in just a couple of lines of code:

https://www.revenuecat.com/docs/trusted-entitlements#:~:text=Trusted%20Entitlements%201%20Purpose%20RevenueCat%20uses%20strong%20SSL,%27s%3A%20...%203%20Edge%20cases%20Cache%20invalidation%20

The TL;DR is that when enabled, Trusted Entitlements adds an extra property to the CustomerInfo object, which tells you whether the contents of the object may have been altered. If they were, then it’s likely that there’s some fiddling going on.

And if you’re curious about how it works, we wrote a blog post about it here:

https://www.revenuecat.com/blog/engineering/trusted-entitlements/

Be sure to update to the latest version of the SDK to ensure that you have access to the feature.

Let me know if you have any questions!
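
A conceptual sketch of the signing-and-verification idea described in the answer above, added here as an example and not taken from RevenueCat's SDK, docs or wire format: a backend signs each response together with a client-chosen nonce, and the app unlocks nothing unless that signature verifies. The key pair, function names, nonce scheme and JSON shape are all assumptions made up for the illustration.

```javascript
// Added illustration: a conceptual sketch, not RevenueCat's SDK or wire format.
const crypto = require('node:crypto');

// Constructed Ed25519 key pair standing in for the backend's signing key.
// A real app would ship only the public half, pinned in the binary.
const { publicKey, privateKey } = crypto.generateKeyPairSync('ed25519');

// The signature covers the client's nonce plus the exact response bytes.
function signedMessage(nonce, body) {
  return Buffer.concat([nonce, Buffer.from(body, 'utf8')]);
}

// Backend side (hypothetical).
function signResponse(nonce, body) {
  return crypto.sign(null, signedMessage(nonce, body), privateKey).toString('base64');
}

// Client side (hypothetical): verify first, parse only what verified.
function readEntitlements(nonce, body, signatureB64) {
  let ok = false;
  try {
    const sig = Buffer.from(signatureB64, 'base64');
    ok = crypto.verify(null, signedMessage(nonce, body), publicKey, sig);
  } catch {
    ok = false; // malformed signature input counts as a failure
  }
  if (!ok) return { verification: 'FAILED', entitlements: {} };
  return { verification: 'VERIFIED', entitlements: JSON.parse(body).entitlements };
}

// Gate pro content on both the verification state and the entitlement.
function hasPro(result) {
  return result.verification === 'VERIFIED' && result.entitlements.pro === true;
}

// Constructed scenario: a free user's response is edited in transit, and a
// paid response signed for an earlier nonce is replayed against a fresh one.
function demo() {
  const nonce = crypto.randomBytes(16);
  const body = JSON.stringify({ entitlements: { pro: false } });
  const sig = signResponse(nonce, body);
  const paid = JSON.stringify({ entitlements: { pro: true } });
  const oldNonce = crypto.randomBytes(16);
  return {
    honest: readEntitlements(nonce, body, sig).verification,
    tampered: readEntitlements(nonce, body.replace('false', 'true'), sig).verification,
    replayed: readEntitlements(nonce, paid, signResponse(oldNonce, paid)).verification,
  };
}
console.log(demo());
```

Treating a failed verification as "no entitlements" rather than falling back to the unverified body is the design choice that matters here; a client-side check like this raises the cost of tampering but still runs on a device the user controls.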


  • Author
  • New Member
  • 1 reply
  • September 27, 2023

Thanks Andy, I will check this 🙏


  • Dedicated Member
  • 31 replies
  • October 15, 2023

How does Trusted Entitlements get implemented for React Native?


0xDEV
  • New Member
  • 3 replies
  • October 23, 2023

When on Capacitor (Hybrids)?

