Google's fraud monitoring program on Google Play is giving excellent results: Google has announced that, in 2022 alone, it prevented fraud worth 2 billion dollars from being carried out on the Google Play Commerce platform. The report was published on the official blog linked in the source, and it reveals that among the most common tricks used by scammers are the use of compromised payment methods, requesting refunds for in-app purchases that have already been used, and the use of scam gift cards.
To protect developers, Google has put in place two tools that reduce the chance of users scamming them: the API for canceled purchases and the Obfuscated Account ID. The first provides a complete list of each user's in-app and subscription orders that have been canceled, making it possible to understand the history of a particular buyer's behavior. With the obfuscated account ID, Google is able to detect fraudulent transactions, for example where multiple devices make purchases on the same account in a short period of time.
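As an added illustration (not code from Google or from this article), the sketch below shows how a backend could use a list of canceled purchases to spot the "refund after use" pattern described above. The record fields, the ledger structure, the account IDs and the threshold are all assumptions made for the example.

```python
from collections import defaultdict

# Constructed sample records (not real orders). Field names are assumptions
# modelled on a canceled-purchase list: one record per canceled order.
VOIDED = [
    {"purchaseToken": "tok-a1", "voidedTimeMillis": 1_700_000_500_000},
    {"purchaseToken": "tok-a2", "voidedTimeMillis": 1_700_000_900_000},
    {"purchaseToken": "tok-b1", "voidedTimeMillis": 1_700_000_600_000},
    {"purchaseToken": "tok-c1", "voidedTimeMillis": 1_700_000_700_000},
    {"purchaseToken": "tok-x9", "voidedTimeMillis": 1_700_000_800_000},
]

# Hypothetical backend ledger: purchase token -> (account id, consumed-at ms).
# consumed-at is None when the item was never granted to the user.
LEDGER = {
    "tok-a1": ("acct-7f3", 1_700_000_100_000),
    "tok-a2": ("acct-7f3", 1_700_000_200_000),
    "tok-b1": ("acct-22b", None),
    "tok-c1": ("acct-9c1", 1_700_000_300_000),
}


def flag_refund_abuse(voided, ledger, min_hits=2):
    """Return (flagged, unknown).

    flagged: account id -> tokens of purchases that were consumed and then
             canceled, for accounts with at least min_hits such purchases.
    unknown: canceled tokens the backend never recorded, which deserve a
             separate look because the purchase bypassed the server.
    """
    hits = defaultdict(list)
    unknown = []
    for rec in voided:
        token = rec["purchaseToken"]
        entry = ledger.get(token)
        if entry is None:
            unknown.append(token)
            continue
        account, consumed_at = entry
        # Only count cancellations that happened after the item was used.
        if consumed_at is not None and consumed_at < rec["voidedTimeMillis"]:
            hits[account].append(token)
    flagged = {a: t for a, t in hits.items() if len(t) >= min_hits}
    return flagged, unknown
```
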
In addition, Google recently released Purchases.product.consume, a tool dedicated to developers that lets in-app purchases be consumed by users via the Play Developer API, reducing the risk of client-side abuse and moving more operations to more secure backends.
For example, if an attacker today purchases an item in an app that has been tampered with on the client side, the purchase is automatically refunded because it remains unconfirmed 3 days after the transaction. Using Purchases.product.consume, which validates the transaction on the server side rather than the client side, makes it possible to prevent such scenarios from recurring. For more details on Google Play's initiatives, see the link in the source.