Resolved How do I make my game a freemium game?

Discussion in 'iOS Programming' started by moonman239, Apr 15, 2014.

  1. moonman239, Apr 15, 2014
    Last edited: Apr 21, 2014

    moonman239 macrumors 68000

    Mar 27, 2009
    I have a racing game. In this game, the user will be allowed to purchase additional cars. How do I keep track of what cars the user purchased and make sure he or she did not steal any cars?

    I came up with the idea of storing data on all cars in an XML file that is bundled with the app, and making the app parse the file. The problem is that I have no idea how to check to see if the file was modified.

    I can already see ways that people could steal car data from others.
  2. ArtOfWarfare macrumors G3


    Nov 26, 2007
    There's no easy way of doing this. Your best bet is to trust your users and not waste time trying to deal with the ones that will steal from you. Statistics I've heard (I don't have the source) are:

    80% of users are honest and will buy the things they want
    15% of users are dishonest and will steal the things they want if they can, or ignore it if they can't
    5% of users are dishonest and will steal the things they want if they can, or buy it if they can't

    If you don't want to do this, then I think the only way to reliably do this is to set up a server:

    Player makes purchase in your app -> Apple's servers process payment -> Your app gets receipt -> Your server gets the receipt and check's with Apple's servers that it's legitimate and stores in a database that the user has purchased the item.

    Then, right after the purchase or whenever your app needs to know, it asks your server -> Your server queries it's database and does a private key encryption on its response -> Your app receives the response and uses a public key to decrypt the message and determine what the user has purchased.

    Your server uses a private key and your app a public key to minimize the odds that an attacker can spoof the message... of course, a determined hacker could jailbreak their phone, modify your binary to replace your public key with their own, and set up their own server which generates responses using their own private key.

    The odds of that particular attack seem quite slim given that it seems to me that anyone that could make such an attack has better things to do with their time and money than to hack your server so they can steal a few dollars worth of in-app purchases.
  3. moonman239 thread starter macrumors 68000

    Mar 27, 2009

Share This Page