I need encrypted information regarding the application users to be sent over to my server, and also for the server to verify the information sent and send back an encrypted response so the client would know what to do depending on the response. I believe I should be approaching this with JSON and POST PHP but don’t know what to do for the security aspects of it.
An example would be: Client buys coins through in-app billing. Server receives notice from in-app billing and updates how many coins Client has. Client then proceeds to use coins to buy an item in the game and sends its verification and id to the server, which the server verifies and then sends a response code either stating that the Client is banned for doing fraudulent activity, or insufficient coins, or lets the Client buy the item in question.
Some questions I have:

- I understand that any application or game can always be hacked on the client's end, but it gets progressively harder if it's verifying things coinciding with a server. How can I make sure that it is very hard for the client to mess with the response code and also with the sending of verification? Would SSL be enough? If so, could you direct me to an article on how to implement SSL for Android PHP posting?

- How does Google billing verify its users? By e-mail or device ID?
It’s all written here. In the coins example, you’ll likely need unmanaged in-app billing. Unmanaged means that Google Play won’t store the transaction and you are responsible for tracking users (by email, device ID, both, or a username).
Regarding security, it really depends on your requirements. Google Play’s in-app billing doesn’t require you to deploy your own server. You don’t even need to talk to the network: it’s all managed by the Play app, which acts like a proxy. Assuming you want to use your own server, SSL only grants transport security, i.e. integrity and confidentiality of the message, not typically guaranteed by HTTP, are now guaranteed by SSL. This prevents man-in-the-middle attacks and the like, but it really doesn’t protect your app from application-level flaws.
If your backend has a standard RESTful interface, you need to authenticate users against at least one private piece of information, like a password. Otherwise, anyone could make requests impersonating 1234567890 or john@example.com, which are public data. In other words, you simply need to create accounts for users and communicate over HTTPS.
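An added example (not code from the question or the answer) of the server-side half of the coins scenario, written in Python rather than PHP: every purchase request must carry the user's private credential, and the coin balance and ban status are read from the server's own records, so a client that claims more coins in its JSON is simply ignored. The in-memory account store, item prices and response codes are constructed for illustration.

```python
import hashlib
import hmac
import os

# Constructed in-memory "database" standing in for the server's real store.
# Balances live only here; the client never supplies its own balance.
ACCOUNTS = {}  # user_id -> {"salt", "pw_hash", "coins", "banned"}
ITEM_PRICES = {"sword": 50, "shield": 30}  # constructed sample catalogue


def _hash_pw(password: str, salt: bytes) -> bytes:
    # Salted PBKDF2 so the stored value is not the password itself.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


def create_account(user_id: str, password: str, coins: int = 0) -> None:
    salt = os.urandom(16)
    ACCOUNTS[user_id] = {"salt": salt, "pw_hash": _hash_pw(password, salt),
                         "coins": coins, "banned": False}


def credit_coins(user_id: str, amount: int) -> None:
    # Called from the server-side billing notification, never from the client.
    ACCOUNTS[user_id]["coins"] += amount


def authenticate(user_id, password: str) -> bool:
    acct = ACCOUNTS.get(user_id)
    if acct is None:
        return False
    # Constant-time comparison of the derived hashes.
    return hmac.compare_digest(acct["pw_hash"], _hash_pw(password, acct["salt"]))


def handle_purchase(request: dict) -> dict:
    """Process one JSON purchase request received over HTTPS.

    Only the credential and the item id are taken from the request; any
    client-supplied "coins" field is ignored because the server is the
    authoritative ledger."""
    if not authenticate(request.get("user"), request.get("password", "")):
        return {"code": "unauthorized"}
    acct = ACCOUNTS[request["user"]]
    if acct["banned"]:
        return {"code": "banned"}
    price = ITEM_PRICES.get(request.get("item"))
    if price is None:
        return {"code": "unknown_item"}
    if acct["coins"] < price:
        return {"code": "insufficient_coins"}
    acct["coins"] -= price
    return {"code": "ok", "coins_left": acct["coins"]}
```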