Anti-cheat Methods

Validation of payments and time adjustments in devtodev SDK for iOS

Payments validation

To be protected from fraudulent transactions, we recommend you to use devtodev Anticheat service.

Use this method, and devtodev will check the transaction's validity with the payment platform, and the response will be returned to the application.

[DevToDevCheat verifyPaymentWithCompletion:(void (^)(ReceiptStatus))completionBlock];

The result can take one of the following values:

typedef enum {
    ReceiptValid,
    ReceiptNotValid,
    ReceiptServerError,
    ReceiptInternalError,
    ReceiptSandbox
} ReceiptStatus;

In case of a successful check call the following main SDK method:

[DevToDev realPayment: (NSString *) transactionId withInAppPrice:(float) inAppPrice 
         andInAppName: (NSString *) inAppName andInAppCurrencyISOCode: (NSString *) inAppCurrencyISOCode];

If the transaction hasn’t passed verification, do not perform the Payment event.

We do not recommend to use the result of devtodev anti-cheat verification as a condition for giving or not giving in-game currency or item purchased by a user!

Time cheats check

To check for time cheats call checkTime method every time when the app is being launched

[DevToDevCheat checkTime: (void (^)(TimeStatus status)) completionBlock];

The result can take one of the following values:

typedef enum {
    Valid,
    Forward,
    Rewind
} TimeStatus;

Validation of payments and time adjustments in devtodev SDK for Android

Payments validation

To be protected from fraudulent transactions, we recommend you to use devtodev Anticheat service

Use this method, and devtodev will check the transaction validity with the payment platform, and the response will be returned to the application.

Call following method when GooglePlay returns the transaction to your onActivityResult:

DevToDevCheat.verifyPayment(String receipt, String signature, String publicKey, 
                            OnVerifyListener onVerifyListener);

You can get sharedSecret key here:

  1. Go to the Google Play Developer Console and sign in. Make sure that you sign in to the account from which the application you are licensing is published (or will be published).

  2. In the application details page, locate the Services & APIs link and click it.

  3. In the Services & APIs page, locate the Licensing & In-App Billing section.

Your public key for licensing is given in the Your License Key For This Application field.

The result can take one of the following values:

public enum VerifyStatus {	
                           Valid,
                           Invalid,
                           InternalError,
                           ServerError
                         };

In case of a successful check call following the main SDK method:

DevToDev.realPayment(String pPaymentId, float pInAppPrice, String pInAppName, String pInAppCurrencyISOCode);

If the transaction hasn’t passed verification, do not perform the Payment event.

We do not recommend to use the result of devtodev anti-cheat verification as a condition for giving or not giving in-game currency or item purchased by a user!

Time cheats check

To check for time cheats call checkTime method every time when the app is being launched

DevToDevCheat.verifyTime(OnTimeVerifyListener onTimeVerifyListener);

The result can take one of the following values:

public enum TimeStatus {
                         Valid,
                         Forward,
                         Rewind
                       };

Validation of payments and time adjustments in devtodev SDK for Unity

Payments validation

To be protected from fraudulent transactions, we recommend you to use devtodev Anticheat service.

Use this method, and devtodev will check the transaction validity with the payment platform, and the response will be returned to the application.

1. Call the method for payment verification:

DevToDev.AntiCheat.VerifyReceipt(string receipt, string signature, string publicKey,
                                 OnReceiptVerifyCallback callback);

or if you are using Unity IAP plugin:

DevToDev.AntiCheat.VerifyReceipt(string purchasedProduct, string publicKey, OnReceiptVerifyCallback callback)

where OnReceiptVerifyCallback is the function like this:

public void onReceiptVerifyCallback (DevToDev.ReceiptVerificationStatus status) {
  Debug.Log ("Verification status" + status);
  //TODO put your source here
}

Here's how to find your application's public key for licensing (for Google Play platform only, for other platforms the publicKey is not used):

  1. Go to the Google Play Console and sign in. Make sure that you sign in to the account from which the application you are licensing is published (or will be published).

  2. In the application details page, locate the Services & APIs link and click it.

  3. In the Services & APIs page, locate the Licensing & In-App Billing section. Your public key for licensing is given in the Your License Key For This Application field.

ReceiptVerificationStatus can take one of the following values:

public enum ReceiptVerificationStatus {
  ReceiptValid,
  ReceiptNotValid,
  ReceiptServerError,
  ReceiptSandbox,
  ReceiptInternalError    
};

Don't forget that it is enough to set only receipt field to check the payment on iOS (iTunes) or Windows/Windows Phone (Microsoft Store), and for Android (Google Play) the fields signature and publicKey should be set.

Сore SDK should be initialized prior to the call of VerifyPayment function.

2. In case of an unsuccessful check (ReceiptNotValid result) do not call SDK method RealPayment. In other cases:

DevToDev.Anatylics.RealPayment(string pPaymentId, float pInAppPrice, string pInAppName,
                               string pInAppCurrencyISOCode);

Time cheats check

To check for time cheats call VerifyTime method.

1. Call the method to time verification:

DevToDev.AntiCheat.VerifyTime(OnTimeVerifyCallback callback);

where OnTimeVerifyCallback is the function like this:

public void onTimeVerifyFinished (DevToDev.TimeVerificationStatus status) {
  Debug.Log ("Verification status" + status);
  //TODO put your source here
};

DevToDevTimeVerificationStatus can take one of the following values:

public enum TimeVerificationStatus {
   TimeValid,
   TimeForward,
   TimeRewind
};

Сore SDK should be initialized prior to the call of VerifyTime function.

Last updated

#989: best practices - improved readability

Change request updated