Tech giant Google revealed on Thursday that its Play Commerce service, which lets developers collect payments from users in 170 countries, prevented more than $2 billion in fraudulent and abusive transactions in 2022.
In a blog post, the Android-maker said that bad actors who want to abuse mobile apps use various tactics for both one-time purchases and auto-renewing payments.
“For example, they may attempt to purchase an item in your app with a compromised form of payment, or request a refund for an in-app purchase that’s been already consumed or sold, or use scammed gift cards for purchases,” the company said. “When a combined or coordinated attempt is carried out by bad actors, it can result in large-scale abuse on your app.”
Google added that bad actors frequently take advantage of the information asymmetry between Google Play and mobile developers. To help prevent this, Google suggests using its “Voided Purchases API” and “Obfuscated Account ID” solutions, which it says have been integrated by more than 70% of its top 200 developers who monetize their apps.
When a developer integrates the Voided Purchases API, it gives them a list of all the in-app purchase and subscription orders that have been cancelled by users, so that the developer can prevent those users from using the products again.
Obfuscated Account ID, on the other hand, allows Google Play to identify fraudulent transactions, like multiple devices making purchases within a short period of time under the same account.
Google also recommends that developers use its “Play Integrity API”, which lets them request an assessment when they want to check a user action or a server request, get information about the device, app and the account, and implement measures to prevent the suspicious activity.
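The reconciliation a developer's backend would run on the Voided Purchases list, as an added example that is not from Google or the original article: it walks a constructed list response against a hypothetical local entitlement ledger, revokes unconsumed grants, and flags refunds on items that were already consumed. The ledger layout, account names, and `repeat_threshold` are assumptions made for illustration.

```python
from collections import defaultdict

# Constructed sample shaped like a Voided Purchases list response.
VOIDED_RESPONSE = {"voidedPurchases": [
    {"purchaseToken": "tok-a1", "orderId": "ORDER-PLACEHOLDER-1"},
    {"purchaseToken": "tok-a2", "orderId": "ORDER-PLACEHOLDER-2"},
    {"purchaseToken": "tok-b1", "orderId": "ORDER-PLACEHOLDER-3"},
    {"purchaseToken": "tok-zz", "orderId": "ORDER-PLACEHOLDER-4"},
]}

# Hypothetical backend ledger: purchase token -> what was granted and to whom.
LEDGER = {
    "tok-a1": {"account": "acct-1", "sku": "gems_100", "consumed": True, "active": True},
    "tok-a2": {"account": "acct-1", "sku": "premium_sub", "consumed": False, "active": True},
    "tok-b1": {"account": "acct-2", "sku": "skin_red", "consumed": False, "active": True},
    "tok-c1": {"account": "acct-3", "sku": "gems_100", "consumed": False, "active": True},
}

def reconcile(voided, ledger, repeat_threshold=2):
    """Apply voided purchases to the ledger and report what needs follow-up."""
    result = {"revoked": [], "clawback": [], "unknown": []}
    per_account = defaultdict(int)
    for item in voided.get("voidedPurchases", []):
        token = item["purchaseToken"]
        grant = ledger.get(token)
        if grant is None:
            # Voided order we never granted: keep it for investigation.
            result["unknown"].append(token)
            continue
        if not grant["active"]:
            continue  # already processed on an earlier run (idempotent)
        grant["active"] = False
        per_account[grant["account"]] += 1
        if grant["consumed"]:
            # Refund requested after the item was spent: access cannot simply
            # be removed, so the value has to be recovered or reviewed.
            result["clawback"].append(token)
        else:
            result["revoked"].append(token)
    # Accounts with several voided orders in one batch get a manual review.
    result["flagged_accounts"] = sorted(
        a for a, n in per_account.items() if n >= repeat_threshold)
    return result

if __name__ == "__main__":
    print(reconcile(VOIDED_RESPONSE, LEDGER))
```
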