I've thoroughly searched this site as well as others for answers and found no actual one.
My question is what exactly does the Freedom Hack (which allows users t
then adding my own signature in the server wouldn't help much.
That is not correct, the signature that "Freedom" uses is invalid and the order id is also invalid.
What I did to ensure that my application is safe is:
Send isPurchaseValid(myPurchase.getSignature(), myPurchase.getOriginalJson()) to my server to verify over there, and it works with real purchases but Freedom fails every time.
On the server I check if the signature matches.
If it does match I contact "Google APIs Google Play Android Developer API > androidpublisher.inapppurchases.get" to verify that the Purchase exists and that returns my developer payload.
I then use the developer payload to make sure that this purchase is for this specific user and not some other user and this user is sending me his data.
P.S. The developer payload is a String you set before the purchase is made from your Android app; it should be something unique to your user.
It may be a lot of work, but it ensures that no one will buy your stuff with Freedom and succeed.
The only thing that I am unable to do is not let Freedom have an effect on my application; for example, the folks at Path did something, I don't know what, which made Freedom have no effect whatsoever!
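
An added example, not code from the answer above: the three server-side checks it describes (signature, purchase lookup, developer payload), written for a Node.js server. The function names, the `lookupPurchase` callback that stands in for the Developer API request, and the sample values are assumptions; the throwaway key pair is constructed to stand in for Google's signing key.

```javascript
const crypto = require('crypto');

// Step 1: Google Play signs the purchase JSON with SHA1withRSA. publicKeyB64 is
// the app's Base64-encoded public key (X.509 SubjectPublicKeyInfo, DER).
function signatureMatches(publicKeyB64, originalJson, signatureB64) {
  if (typeof originalJson !== 'string' || typeof signatureB64 !== 'string' || !signatureB64) {
    return false;
  }
  try {
    const key = crypto.createPublicKey({
      key: Buffer.from(publicKeyB64, 'base64'), format: 'der', type: 'spki' });
    return crypto.verify('RSA-SHA1', Buffer.from(originalJson, 'utf8'), key,
      Buffer.from(signatureB64, 'base64'));
  } catch (err) {
    return false; // a malformed key or signature is treated as a failed check
  }
}

// Steps 2 and 3. lookupPurchase is a hypothetical callback wrapping the Developer
// API request; it returns the purchase record Google holds, or null if none exists.
function validatePurchase(publicKeyB64, originalJson, signatureB64, expectedPayload, lookupPurchase) {
  if (!signatureMatches(publicKeyB64, originalJson, signatureB64)) {
    return 'bad-signature';
  }
  const claimed = JSON.parse(originalJson);
  const record = lookupPurchase(claimed.productId, claimed.purchaseToken);
  if (!record) return 'unknown-purchase';
  // Compare the payload the API returned, not the copy the client sent.
  const a = Buffer.from(String(record.developerPayload));
  const b = Buffer.from(String(expectedPayload));
  if (a.length !== b.length || !crypto.timingSafeEqual(a, b)) return 'wrong-user';
  return 'verified';
}

// Constructed sample: a throwaway key pair stands in for Google's signing key.
function constructedSample() {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
  const json = JSON.stringify({ orderId: 'constructed-order-1', productId: 'gold_pack',
    purchaseToken: 'constructed-token', developerPayload: 'user-1001' });
  return {
    publicKeyB64: publicKey.export({ type: 'spki', format: 'der' }).toString('base64'),
    json,
    signatureB64: crypto.sign('RSA-SHA1', Buffer.from(json, 'utf8'), privateKey).toString('base64'),
  };
}
```

The purchase is accepted only when `validatePurchase` returns `'verified'`; any other return value names the check that failed.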