
My iOS/Android app was hacked by some users and now they can bypass the payment process and access all the pro content of my app.

Does RevenueCat help to prevent that by double authenticating before unlocking the pro content?

 

Hi @waleed! I’m sorry to hear that, although I guess it’s a sign that you are selling stuff that people want! 

 

The good news is that RevenueCat does help prevent this. 

 

We launched a feature called Trusted Entitlements a few months ago, which adds an extra layer of signing and verification to ensure that users can’t access your pro content without paying. 

 

Here are our docs for usage and setting it up, which is done in just a couple of lines of code: 

https://www.revenuecat.com/docs/trusted-entitlements

 

The TL;DR is that when enabled, Trusted Entitlements adds an extra property to the CustomerInfo object, which tells you whether the contents of the object may have been altered. If they were, then it’s likely that there’s some fiddling going on. 

 

And if you’re curious about how it works, we wrote a blog post about it here: 

https://www.revenuecat.com/blog/engineering/trusted-entitlements/

 

Be sure to update to the latest version of the SDK to ensure that you have access to the feature. 

 

Let me know if you have any questions!
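
An added illustration, not part of the reply above and not RevenueCat's SDK or wire format: a client that records a verification result next to the entitlement data and unlocks pro content only when that result is good. The field names, status strings and the HMAC stand-in for the signature are assumptions made for this sketch.

```python
import hashlib
import hmac
import json

# Constructed demo key. HMAC is a standard-library stand-in for the signature:
# in a real deployment the backend signs with a private key and the app only
# holds the public key, so nothing on the device can produce a valid signature.
DEMO_KEY = b"constructed-demo-key"


def sign_response(body: bytes) -> str:
    """Backend side (hypothetical): sign the exact bytes of the response."""
    return hmac.new(DEMO_KEY, body, hashlib.sha256).hexdigest()


def load_customer_info(body: bytes, signature=None) -> dict:
    """Client side: parse the response and record how verification went."""
    if signature is None:
        status = "not_requested"   # verification was never enabled
    elif hmac.compare_digest(sign_response(body), signature):
        status = "verified"
    else:
        status = "failed"          # body and signature do not match
    info = json.loads(body)
    info["verification"] = status  # hypothetical field name
    return info


def can_unlock_pro(info: dict) -> bool:
    """Fail closed: the entitlement flag counts only on a verified response."""
    return info["verification"] == "verified" and info.get("pro_active") is True


def demo() -> dict:
    free_body = json.dumps({"user": "u1", "pro_active": False}).encode()
    paid_body = json.dumps({"user": "u1", "pro_active": True}).encode()
    free_sig, paid_sig = sign_response(free_body), sign_response(paid_body)
    return {
        "genuine_paid": can_unlock_pro(load_customer_info(paid_body, paid_sig)),
        "genuine_free": can_unlock_pro(load_customer_info(free_body, free_sig)),
        # Flag altered in the body; the signature still covers the original.
        "altered": can_unlock_pro(load_customer_info(paid_body, free_sig)),
        # Same altered body with no signature at all.
        "unsigned": can_unlock_pro(load_customer_info(paid_body)),
    }


if __name__ == "__main__":
    print(demo())
```

The point for app code is the policy in `can_unlock_pro`: checking only the entitlement flag would accept the altered and unsigned responses, while gating on the verification result rejects both.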


Thanks Andy, I will check this 🙏


How does Trusted Entitlements get implemented for React Native?


When on Capacitor (Hybrids)?

