sv1sjp@lemmy.world to Android@lemdro.idEnglish · 1 month agoUse Case: Bypassing In-App Purchase By Payment Client-Side Validationsecfathy0x1.medium.comexternal-linkmessage-square4fedilinkarrow-up115arrow-down13cross-posted to: [email protected]
arrow-up112arrow-down1external-linkUse Case: Bypassing In-App Purchase By Payment Client-Side Validationsecfathy0x1.medium.comsv1sjp@lemmy.world to Android@lemdro.idEnglish · 1 month agomessage-square4fedilinkcross-posted to: [email protected]
minus-squaresbvlinkfedilinkEnglisharrow-up1·1 month agoThe app now needs to validate the response from the back end. If the attacker can bypass the purchase check, what prevents the attacker from bypassing the response from the back end?
minus-squareAce! _SL/S@ani.sociallinkfedilinkEnglisharrow-up2·1 month agoMostly nothing, but it’s enough to stop fully automated patching/modding the Playstore like Lucky Patcher does
The app now needs to validate the response from the back end. If the attacker can bypass the purchase check, what prevents the attacker from bypassing the response from the back end?
Mostly nothing, but it’s enough to stop fully automated patching/modding the Playstore like Lucky Patcher does