Google has announced that it prevented $2 billion worth of fraud in 2022 on Google Play Commerce by tackling bad actors that were using different strategies to make money. Some tricks fraudsters tried included using a compromised payment method, asking for a refund for an in-app item that was already consumed, and the use of scammed gift cards for purchases.
Google has two tools that developers can use to help reduce the abuse of their apps, they are the Voided Purchases API and Obfuscated Account ID. The Voided Purchases API provides you with a list of in-app and subscription orders for each user that has been voided – users are then unable to access the products from those orders.
With the Obfuscated Account ID, Google can detect fraudulent transactions such as devices making purchases on the same account within a short space of time.
To further reduce fraud, Google recently released Purchases.product.consume for developers. Explaining this feature, Google said:
“This month, we launched the Purchases.product.consume, which allows you to consume in-app items using the Play Developer API, reducing the risk of client-side abuse by shifting more business logic to your secure backends. For example, if a bad actor purchases an item from your app but tampers with the client side, the purchase will be automatically refunded due to lack of acknowledgement after 3 days of purchase. Using server side consumption will prevent this type of app abuse.”
If you want to learn about the other measures Google is planning to put in place this year to fight fraud and boost safety, check out this blog post from earlier this month that outlined the company’s plans.