In-App Purchase Validation FAQ

In-App Purchase (IAP) validation is a process in which Singular evaluates revenue events in your apps (both Android and iOS) and detects invalid/fraudulent user purchases so that they do not skew your revenue metrics.

For more about setting up events in your SDK integration, see the appropriate SDK guide and Testing Events and Revenue.

 

General Questions

What causes invalid purchases?

Invalid purchases are usually caused by the following types of fraud:

  1. User fraud: Real users hack/fool the app to get IAP-based favors/items without paying for them.

  2. Marketing fraud: Fraudulent publishers send fake revenue events to boost their KPIs and make it seem like they bring in quality users.

How does Singular validate purchases?

Google Play and the Apple App Store generate digital receipts when users make financial transactions through Android and iOS apps. Each receipt encodes the details of the purchase and is cryptographically signed by Google/Apple.

You can send the purchase receipt to Singular alongside your revenue events, allowing Singular to verify the legitimacy of the purchase.

When Singular gets a revenue event with a receipt, it checks the following:

  1. Singular received a receipt.
  2. The receipt wasn't reused (i.e., sent in a past transaction).
  3. The signature on the receipt is valid.
    1. In iOS, Singular verifies the signature using Apple's certificate.
    2. In Android, Singular uses the app's licensing key, if it has been provided.
  4. The receipt details match the app and transaction details.

If Singular finds that the revenue event is invalid, it is renamed to __iapinvalid__.

Note: To help make the process even more secure, you can provide the following:

How do I send purchase receipts to Singular?

To send purchase receipts, use the correct IAP reporting method according to your platform and integration type:

What happens when Singular receives a purchase event without a receipt?

Missing receipts may indicate fraudulent revenue.

Once a version of your app that sends receipts to Singular for every purchase is live in the app store, all new events (from that version onward) should include receipts.

To have Singular reject revenue from any purchase that doesn't come with a receipt, enable the Reject IAP Without Receipt option for your app on the Apps page.

Note: Revenue from users who installed or updated the app before enabling this option will not be rejected. The exact date is shown next to the toggle.

How does purchase validation affect my reporting?

Once purchase validation is enabled, only valid revenue will be shown in the Revenue field in reporting.

How is purchase validation reflected in Singular's logs (export logs)?

The following fields appear in the logs for both Event and Postback types:

| Field | What to Look For |
| --- | --- |
| Event name | If the receipt is invalid, the event’s name is __iapinvalid__. |
| Event revenue | If the receipt is invalid, the event’s revenue is 0. |
| Received revenue event | The original event name. |
| Received revenue | The original claimed revenue. |
| Is revenue receipt included | Whether a receipt was provided for the purchase. |
| Is revenue valid | Whether the purchase was found to be valid. |

How is purchase validation reflected in postbacks?

Internal BI Postbacks

Singular sends the following parameters:

| Parameter | What to Look For |
| --- | --- |
| event_name | If the receipt is invalid, the event’s name is __iapinvalid__. |
| amount | If the receipt is invalid, the event’s revenue is 0. |
| received_revenue_event | The original event name. |
| received_revenue | The original claimed revenue. |
| purchase_receipt_included | Whether a receipt was provided for the purchase. |
| purchase_receipt_valid | Whether the purchase was found to be valid. |
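
A sketch of how an internal BI endpoint could book revenue from these parameters and flag postbacks whose fields contradict each other. It is an example added here, not Singular's code. Assumptions: the endpoint URL, the `true`/`false` encoding of the two receipt flags, the status names, and that a rejected purchase without a receipt also arrives as __iapinvalid__; the sample postbacks are constructed.

```python
from collections import defaultdict
from decimal import Decimal
from urllib.parse import parse_qs, urlsplit

INVALID_EVENT = "__iapinvalid__"
TRUTHY = {"1", "true"}  # assumption: encoding of the two receipt flags

def classify(url):
    """Parse one postback URL into (status, booked revenue, claimed revenue)."""
    q = {k: v[0] for k, v in parse_qs(urlsplit(url).query).items()}
    included = q.get("purchase_receipt_included", "").lower() in TRUTHY
    valid = q.get("purchase_receipt_valid", "").lower() in TRUTHY
    amount = Decimal(q.get("amount", "0"))
    claimed = Decimal(q.get("received_revenue", "0"))
    if q.get("event_name") == INVALID_EVENT:
        # Rejected revenue should carry amount 0 and never be flagged valid.
        if amount != 0 or valid:
            return "inconsistent", Decimal(0), claimed
        reason = "rejected_bad_receipt" if included else "rejected_no_receipt"
        return reason, Decimal(0), claimed
    if included and not valid:
        # Failed validation but not renamed: hold for review, book nothing.
        return "inconsistent", Decimal(0), claimed
    return ("valid" if included else "accepted_no_receipt"), amount, claimed

def summarize(urls):
    """Return (total booked revenue, claimed revenue withheld per status)."""
    booked, withheld = Decimal(0), defaultdict(Decimal)
    for url in urls:
        status, amount, claimed = classify(url)
        booked += amount
        if status not in ("valid", "accepted_no_receipt"):
            withheld[status] += claimed
    return booked, dict(withheld)

def _pb(event, amount, claimed, included, valid):
    """Build a constructed sample postback (hypothetical endpoint)."""
    return ("https://bi.example.com/pb?event_name=%s&amount=%s"
            "&received_revenue_event=purchase&received_revenue=%s"
            "&purchase_receipt_included=%s&purchase_receipt_valid=%s"
            % (event, amount, claimed, included, valid))

SAMPLES = [  # constructed values, not real traffic
    _pb("purchase", "4.99", "4.99", "true", "true"),
    _pb("__iapinvalid__", "0", "99.99", "true", "false"),
    _pb("__iapinvalid__", "0", "49.99", "false", "false"),
    _pb("purchase", "9.99", "9.99", "true", "false"),
]
print(summarize(SAMPLES))
```

The withheld totals per status show how much claimed revenue was rejected and why, which is the figure to watch per publisher when looking for fake revenue events.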

Custom Postbacks

To configure custom postbacks, see the Event Macros section in Postback Macros & Passthrough Parameters.

Note: If you want to receive postbacks for rejected revenue, you can configure postbacks for the __iapinvalid__ event.