Google has recently released official support for in-app purchases which provides the ability for apps to sell things within the app. This benefits consumers by providing a secure purchasing channel as well as gives developers a range of powerful tools to quickly create product lists and implement in-app purchasing.
In the past, developers have been left on their own to create secure purchasing channels, which created a very loose definition of “security.” This new tool will allow mobile app developers to integrate Googles secure Market Billing Service.
From a developer point of view this helps alleviate many of the challenges with building or integrating a unique billing system. However allowing in-app purchases also creates a new set of security challenges that need to be addressed. Google provides a list of app security best practices which covers a few major points:
Ensure that unlocked content is protected
Obfuscate your code
Modify sample Code
Protect copyrighted and trademarked content
The issue here is that if you are selling something through your application, make sure that the process is secure and validated so that users or hackers cannot easily circumvent the process and gain access to unlocked content without paying.
This often means that even if content within an app is “unlocked,” it may be best to require that it be downloaded after purchase, rather than bundling it in your app initially. This may also include regular server checks or other validations that have the ability to revoke access to illegally obtained content. Also by obfuscating code before release, you can make it more difficult to reverse engineer important security elements.
Android also recommends changing or removing certain code if you are providing a free or sample version of your app because often by deconstructing the sample app, attackers can find vulnerabilities in the full version of the app.
Another important recommendation is to actively protect copyrighted and trademarked content. Android is very active about responding to infringement notifications, but it is the responsibility of the trademark and copyright holder to file a notice. Trademark infringement notifications and Copyright infringement notifications may be filed through the Android website.
Marketing and Design
In-app purchases can provide a very large and interesting revenue stream for app developers. Some of the worlds most profitable applications (especially gaming apps) make their money by offering in-app purchases rather than by charging for the app itself.
On popular example is the Facebook game Farmville. Even though the game itself is free to play, users can purchase different upgrades, in-game items, and benefits which at one time was bringing in over $1 million per day to the company.
The ability to sell upgrades to users once they are hooked on your product can be extremely profitable. The other benefit is that it is fairly easy to add in additional “paid” content into an app once the architecture is in place. This means that you can launch the app with a few features and optional extras, and then add new content as time goes by.