Security: yosefw1221/chapa-in-app-purchase-doc

docs/security.md

Security Best Practices

Because sensitive data such as the "private key" and "amount" is used on the client side, the app is open to attack via reverse engineering. Therefore, we must secure our application.

Secure App Payment Type

# Securing Only Premium Feature

  • As much as possible, verify in every activity whether the user has made an in-app purchase. This prevents the user from using the app without paying.

To check whether the user has made an in-app purchase, use the ChapaUtil.isCurrentPlanIn("your-app-plan-name","other-valid-plan","....") method. It returns true if the user has made a purchase on one of the listed app plans, and false if the user has not made a payment on any of the listed app plans.

  • Method 1

In the Activity's onCreate method, check whether the user has made an in-app purchase. If the user hasn't, redirect the user to PaymentActivity or close the app.

  • Method 2

The above method is repetitive, so we can create a BaseActivity class and have ALL activities that require a purchase extend it. Then, in the BaseActivity class, check whether the user has made an in-app purchase. If the user hasn't, redirect the user to PaymentActivity or close the app.

@code

@code
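Method 2 as an added example (not the project's own code): a BaseActivity that gates every subclass on ChapaUtil.isCurrentPlanIn. It assumes the method is static and accepts plan names as String varargs, as the call above suggests, that PaymentActivity is your app's purchase screen, and it uses placeholder plan names; the ChapaUtil import path is not shown on this page.

```java
import android.content.Intent;
import android.os.Bundle;
import androidx.appcompat.app.AppCompatActivity;
// Assumption: also import ChapaUtil from the library's package (path not shown on this page).

public abstract class BaseActivity extends AppCompatActivity {

    // Placeholder plan names: replace with the plans that unlock your premium screens.
    private static final String[] ALLOWED_PLANS = {"your-app-plan-name", "other-valid-plan"};

    @Override
    protected void onCreate(Bundle savedInstanceState) {
        super.onCreate(savedInstanceState);
        // Subclasses should return early from their own onCreate when isFinishing()
        // is true, so premium content is never built for an unpaid user.
        enforcePurchase();
    }

    @Override
    protected void onResume() {
        super.onResume();
        // Re-check every time the activity returns to the foreground.
        // If onCreate already called finish(), Android skips onResume, so no double redirect.
        enforcePurchase();
    }

    /** Returns true if the user is on an allowed plan; otherwise redirects and finishes. */
    protected boolean enforcePurchase() {
        if (ChapaUtil.isCurrentPlanIn(ALLOWED_PLANS)) {
            return true;
        }
        Intent intent = new Intent(this, PaymentActivity.class);
        // Clear the back stack so the Back button cannot return to the gated screen.
        intent.addFlags(Intent.FLAG_ACTIVITY_NEW_TASK | Intent.FLAG_ACTIVITY_CLEAR_TASK);
        startActivity(intent);
        finish();
        return false;
    }
}

// Usage in a screen that requires a purchase (hypothetical class name):
// public class PremiumActivity extends BaseActivity {
//     @Override protected void onCreate(Bundle b) {
//         super.onCreate(b);
//         if (isFinishing()) return;   // purchase check failed, redirect in progress
//         setContentView(R.layout.activity_premium);
//     }
// }
```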

Encrypt Payment Data

  • Encrypt the amount, the Chapa secret key and the item-key.
    To encrypt data, use the Cipher.encrypt method.

@code

@code

Other Security Best Practice

  • Always use ProGuard to obfuscate your code. This will make it harder for attackers to reverse engineer your code. Learn more

Learn more about App Security Best Practice
