Posted by Sheenam Mittal, Product Manager, Google Play
Google Play Commerce enables you to monetize your apps and games at scale in over 170 markets, without the complexity and time required to run your own global commerce platform. It enables you to easily transact with millions of users around the world and gives users trusted and safe ways to pay for your digital products and content. Ensuring developers and users have a secure purchase experience has been a key pillar of Play Commerce, and we achieve this by continuously preventing and monitoring for bad actors looking to defraud and abuse your apps.
Preventing fraud and securing purchases
In 2022, we prevented over $2 billion in fraudulent and abusive transactions. Bad actors looking to abuse apps use an array of strategies across both one-time purchases and auto-renewing payments. For example, they may attempt to purchase an item in your app with a compromised form of payment, request a refund for an in-app purchase that has already been consumed or sold, or use scammed gift cards for purchases. When bad actors carry out a combined or coordinated attempt, it can result in large-scale abuse on your app. Preventing such fraud and abuse requires a comprehensive approach, consisting of automated solutions and an array of internal monitoring tools combined with human expertise.
Empower developers with tools to mitigate app abuse
Information asymmetry between Google Play and developers is commonly exploited by bad actors. Two of the most effective solutions that you can implement to help address this are Voided Purchases API and Obfuscated Account ID. Over 70% of our top 200 monetizing developers have integrated these solutions to reduce fraud and abuse on their apps.
- Voided Purchases API provides you with a list of in-app and subscription orders for each user that have been voided. You can implement revocation that prevents the user from accessing products from those orders.
[Image: Benefits of Voided Purchases API]
- Obfuscated Account ID helps Play detect fraudulent transactions, such as many devices making purchases on the same account in a short period of time.
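The revocation step described for the Voided Purchases API, sketched as backend logic. This is an added example, not code from Google Play or from the original post. The response fields used here (`voidedPurchases`, `purchaseToken`, `orderId`, `voidedTimeMillis`) follow the API's list response, while the entitlement store, balances, and action labels are hypothetical and the sample data is constructed.

```python
import json

# Constructed sample shaped like a Voided Purchases API list response.
SAMPLE_RESPONSE = json.loads("""
{"voidedPurchases": [
  {"purchaseToken": "tok-aaa", "orderId": "GPA.0000-0000-0001",
   "voidedTimeMillis": "1700000000000"},
  {"purchaseToken": "tok-bbb", "orderId": "GPA.0000-0000-0002",
   "voidedTimeMillis": "1700000050000"},
  {"purchaseToken": "tok-zzz", "orderId": "GPA.0000-0000-0009",
   "voidedTimeMillis": "1700000060000"}
]}
""")

# Hypothetical backend state: purchase token -> what was granted for it.
# "amount" is the consumable currency granted; 0 means a non-consumable item.
ENTITLEMENTS = {
    "tok-aaa": {"user": "u1", "sku": "gems_100", "amount": 100, "revoked": False},
    "tok-bbb": {"user": "u2", "sku": "premium", "amount": 0, "revoked": False},
}


def apply_voided_purchases(response, entitlements, balances):
    """Revoke access for every voided order and return an (orderId, action) log.

    Safe to call repeatedly with the same response: an order that was
    already revoked is never clawed back a second time.
    """
    log = []
    for vp in response.get("voidedPurchases", []):
        order = vp["orderId"]
        ent = entitlements.get(vp["purchaseToken"])
        if ent is None:
            # Token was never granted by this backend: record it for review.
            log.append((order, "unknown_token"))
        elif ent["revoked"]:
            log.append((order, "already_revoked"))
        else:
            ent["revoked"] = True
            user = ent["user"]
            if ent["amount"]:
                # Claw back the grant even if the user already spent it.
                balances[user] = balances.get(user, 0) - ent["amount"]
            spent = balances.get(user, 0) < 0  # refunded after consumption
            log.append((order, "revoked_item_already_spent" if spent else "revoked"))
    return log
```

A negative balance after revocation marks the "refund for an item that was already consumed" case, which the backend can use to block further spending or flag the account for review.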
You can also use Play Integrity API to protect your apps and games from potentially risky and fraudulent interactions, such as cheating and unauthorized access. You call the Play Integrity API at important moments to check that user actions or server requests are coming from your unmodified app, installed by Google Play, running on a genuine Android device. If something is wrong, your app’s backend server can respond with appropriate actions to prevent attacks and reduce abuse. Developers using the API have seen an average of over 50% reduction in unauthorized access to their apps and games. Stay tuned for new highly requested feature updates.
[Image: Flowchart of how Play Integrity API works]
This month, we launched Purchases.product.consume, which allows you to consume in-app items using the Play Developer API, reducing the risk of client-side abuse by shifting more business logic to your secure backends. For example, if a bad actor purchases an item from your app but tampers with the client side, the purchase will be automatically refunded due to lack of acknowledgement after 3 days of purchase. Using server-side consumption will prevent this type of app abuse.
Google Play Commerce is committed to providing developers and users a secure purchase experience. Learn more about how to prevent bad actors from harming users and abusing your app by visiting this guide, as well as other 2023 initiatives helping keep Android and Google Play safe.