Verify your in-app purchase receipts on iOS and Android in real-time with Adjust
Posted Aug 17, 2016
Not all of the in-app purchases that are made in your app are real. As it turns out, as many as 30 % of all IAPs on iOS are falsified - whether through a rooted device, a hijacked App Store request, or through some other form of in-app piracy.
Adjust can now check your in-app purchase receipts in real time and verify that the purchases are real, by pinging Apple’s or Google’s receipt verification servers. This feature has been in testing for months – but today, it’s available to everyone. To get started, just ping firstname.lastname@example.org.
This is actually the latest iteration of a longer-running project to build purchase verification that really works. To understand how purchase verification can best be implemented, we’ve tried multiple different approaches:
deduplicating transaction IDs inside the SDK:
This method has been available in the SDK since early last year, and simply checks transaction IDs for duplicates. You can catch a few simple types of faked purchases, and it’s an easy quick-fix in early stages of your launch.
locally sanity-checking receipts inside the SDK:
We went a step further in version 4.1, decoding and checking the receipt fields locally. Similarly, it gave us slightly better results,
asynchronously polling verification servers:
Also introduced with 4.1, you would be able to slowly and lazily check receipts with the verification servers after-the-fact. Unfortunately, this approach isn’t associated with complete accuracy - and since the data is delayed, you can’t use it as easily in integrations or in your BI systems.
We discuss the performance and general implementation of each of these approaches in our whitepaper on purchase verification.
In the paper, we also go over our initial data on how many IAPs are fake, along with typical ways to detect them.
What we found is that there’s only one way to get to extremely high accuracy rates, and making your data set clean and actionable from the get go: fully cross-checking the entire receipt with the App Store and Google Play Store in real time.
With our new setup, you send any receipt from your app into our SDK. The SDK will perform some local checks, then send off the receipt to our servers, that immediately cross-check with the app store receipt validation servers. The result? In less than a second, your app has a completely authoritative answer on the validity of the receipt.
Since Adjust typically serves as the central data collection point for all of your network partners and often other analytics systems, you know that every copy of this data set has accurate revenue data as soon as it’s known.
Purchase Verification is a stand-alone feature that you can book in addition to your attribution pricing package.
Interested? You can get in touch with our team through the pricing page in your dashboard, or over this link.