Because we handle sensitive data on the client side, such as "private key" and "amount," the application is exposed to attack via reverse engineering. Therefore, we must secure our application.
# Securing Only Premium Feature
- As far as possible, verify in every activity whether the user has made an app purchase. This prevents the user from using the app without paying.
  To check whether the user has made an app purchase, use the `ChapaUtil.isCurrentPlanIn("your-app-plan-name","other-valid-plan","....")` method. It returns `true` if the user has made an app purchase on one of the listed app plans and `false` if the user hasn't made a payment on any of the listed app plans.
  - Method 1: in the Activity `onCreate` method, check whether the user has made an app purchase. If the user hasn't made an app purchase, redirect the user to `PaymentActivity` or close the app.
  - Method 2: the above method is repetitive, so we can create a `BaseActivity` class and have every activity that requires a purchase extend it. Then, in the `BaseActivity` class, check whether the user has made an app purchase. If the user hasn't made an app purchase, redirect the user to `PaymentActivity` or close the app.
- Encrypt `Amount`, `chapa secret Key` and `item-key`.
  To encrypt data, use the `Cipher.encrypt` method.
- Always use `Proguard` to obfuscate your code. This will make it harder for attackers to reverse engineer your code.
Learn more about App Security Best Practice
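
A sketch of the Method 2 `BaseActivity` gate described above, added here as an example and not taken from the SDK or its documentation. It assumes `ChapaUtil.isCurrentPlanIn` is called statically with plan names as shown on this page, that `PaymentActivity` is your own payment screen, and that the plan names are placeholders; the `enforcePurchase` helper is a hypothetical name.

```java
import android.content.Intent;
import android.os.Bundle;
import androidx.appcompat.app.AppCompatActivity;
// ChapaUtil (SDK) and PaymentActivity (your app) must also be imported;
// their package names are not shown on this page.

/**
 * Every activity that requires a purchase extends this class.
 * PaymentActivity itself must NOT extend it, or the redirect would loop.
 */
public abstract class BaseActivity extends AppCompatActivity {

    @Override
    protected void onCreate(Bundle savedInstanceState) {
        super.onCreate(savedInstanceState);
        enforcePurchase();
    }

    @Override
    protected void onResume() {
        super.onResume();
        // Re-check whenever the screen returns to the foreground, so an
        // activity left open in the back stack does not bypass the
        // onCreate check after the plan state has changed.
        enforcePurchase();
    }

    /**
     * Returns true if the user holds one of the listed plans. Otherwise it
     * sends the user to PaymentActivity, closes this activity and returns false.
     */
    protected boolean enforcePurchase() {
        // Placeholder plan names: replace with the plans that unlock this screen.
        if (ChapaUtil.isCurrentPlanIn("your-app-plan-name", "other-valid-plan")) {
            return true;
        }
        Intent intent = new Intent(this, PaymentActivity.class);
        // Clear the task so the back button cannot return to the gated screen.
        intent.addFlags(Intent.FLAG_ACTIVITY_NEW_TASK | Intent.FLAG_ACTIVITY_CLEAR_TASK);
        startActivity(intent);
        finish();
        return false;
    }
}
```

In a subclass, call `super.onCreate(savedInstanceState)` first and return early if `isFinishing()` is true, so premium content is never loaded for a user who is being redirected.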