Receipt validation is a way to protect against fraudulent in-app purchases made in the iOS and Android app stores, and is used to ensure transactions occurred as reported.
How does receipt validation work?
While receipt validation can be done locally, the most common implementation is a server-to-server configuration.
The receipt validation flow is as follows:
- The user performs an in-app purchase
- The app store notifies the app of the successful purchase
- The app developer calls the SDK Receipt Validation function
- The SDK calls the mobile measurement partner’s (MMP) validation service
- The MMP validates the purchase to make sure it is not fraudulent and either a) creates a regular purchase event or b) tags it as fraudulent
- The MMP validation service transfers the response to the SDK.
- The SDK transfers the receipt validation response to the app (either success or fail).
Why receipt validation is important:
As fraudsters become more sophisticated, they find ways to perpetrate deeper in-app events and actions – fake purchase events included.
In the fight against fraudulent revenue events receipt validation is a powerful tool to ensure the veracity of transactions.