Remove ADS with SDKBOX - IAP

tranthor · December 12, 2017, 2:08pm

Hi,
I implemented IAP with SDKBOX in Android and iOS, and everything works fine (I’m developing in c++). But since some days, I’m wondering how to implement the logic of remove_ads.

I will create an icon for buy NO_ADS App Version. The objetive is that, if the player purchases it, I shouldn’t show anymore ads in the game.

So, every time I want to show a banner, I should validate it. Something like this:

if(adsremoved)
{
    CCLOG("Dont show ads");
}
else
{
    CCLOG("Show Ads");
}

The question is, how can I do the validation?
The most simple implementation is, if the player purchases NO_ADS version, in the listener onSuccess I could edit a flag in SQLite, and always validate the flag in SQLite. But it isn’t secure, because SQLite is easy to hack. I could encrypt the data inside the table, maybe is more “secure”, but it’s still insecure.

I would like to ask to Google / Apple if the item has been purchased and receive true or false. I think this is the most secure method, because I don’t save anything inside the device.

How can I do it in SDKBOX? @yinjimmy @nite ? Someone?
Thanks

nite · December 13, 2017, 1:13am

Usually record in SQLite should be enough for most small games.

If you want more security you can record this change in your server and sync the data to your game client periodically.

You could verify the purchase with Google/Apple once you have the transactionID and receipt data, but usually it’s done between your server and google/apple’s server.

mars3142 · December 13, 2017, 1:30pm

This is bad behaviour, because it’s not secure. I can only speak for Google (Android) and there is a way the check for purchased item: https://developer.android.com/google/play/billing/billing_library.html#querying_purchased

As far as I know, Apple devs have to integrate a “restore purchases” into their apps (not games), so they can restore it at any time. There’s no need to persist it in an own database, only if you use it for digital downloads (like subscription or purchase of books).

And you’re right, the validation should be done server-to-server, but how do your server know which purchase token to check, if the device is fresh installed - some users buy every year a new device (like me) and don’t restore from backups? So we need a way to receive the token from Apple/Google again. Your server can only know it, if you have a custom login implemented, which isn’t useful for small games.

This was the question of @tranthor with some more explanation - because I’m also interested in an answer.