What is in-app purchase validation?
In-app purchase (IAP) validation is a process in which Singular evaluates revenue events in your apps (both Android and iOS) and detects invalid/fraudulent user purchases so that they do not skew your revenue metrics.
What causes invalid purchases?
Invalid purchases are usually caused by the following types of fraud:
User fraud: Real users hack/fool the app to get IAP-based favors/items without paying for them.
Marketing fraud: Fraudulent publishers send fake revenue events to boost their KPIs and make it seem like they bring in quality users.
How does Singular validate purchases?
Google Play and the Apple App Store generate digital receipts when users make financial transactions through Android and iOS apps. Each receipt encodes the details of the purchase and is cryptographically signed by Google/Apple.
You can send the purchase receipt to Singular alongside your revenue events, allowing Singular to verify the legitimacy of the purchase.
When Singular gets a revenue event with a receipt, it checks the following:
- Singular received a receipt.
- The receipt wasn't reused (i.e., sent in a past transaction).
- The signature on the receipt is valid.
- In iOS, Singular verifies the signature using Apple's certificate.
- In Android, Singular uses the app's licensing key, if it has been provided.
- The receipt details match the app and transaction details
If Singular finds that the revenue event is invalid, it is renamed to __iapinvalid__.
Note: To help make the process even more secure, you can provide the following:
- Android Licensing Key: Allows Singular to verify receipts cryptographically in Android. For more information, see Adding Your Google Play Licensing Key.
- The product SKU identifier and the transaction identifier. For more information, see the SDK documentation (Unity, React Native, Android, iOS) or S2S documentation
How do I send purchase receipts to Singular?
To send purchase receipts, use the correct IAP reporting method according to your platform and integration type:
- Tracking revenue in Unity
- Tracking revenue in React Native
- Tracking revenue in Android
- Tracking revenue in iOS
- Tracking revenue in S2S
What happens when Singular receives a purchase event without a receipt?
Missing receipts may indicate fraudulent revenue.
Once you have a version of your app that sends receipts to Singular for every purchase, and that new version is live in the app store, all new events (from this version and onwards) should have receipts included.
To have Singular reject revenue from any purchase that doesn't come with a receipt, enable the Reject IAP Without Receipt option for your app on the Apps page.
Note: Revenue from users who installed or updated the app before enabling this option will not be rejected. The exact date is shown next to the toggle.
How does purchase validation affect my reporting?
Once purchase validation is enabled, only valid revenue will be shown in the Revenue field in reporting.
How is purchase validation reflected in Singular's logs (export logs)?
The following fields appear in the logs for both Event and Postback types:
|Field||What to Look For|
|Event name||If the receipt is invalid, the event’s name is __iapinvalid__.|
|Event revenue||If the receipt is invalid, the event’s revenue is 0.|
|Received revenue event||The original event name.|
|Received revenue||The original claimed revenue.|
|Is revenue receipt included||Whether a receipt was provided for the purchase.|
|Is revenue valid||Whether the purchase was found to be valid.|
How is purchase validation reflected in postbacks?
Internal BI Postbacks
Singular sends the following parameters:
|Parameter||What to Look For|
|event_name||If the receipt is invalid, the event’s name is __iapinvalid__.|
|amount||if the receipt is invalid, the event’s revenue is 0.|
|received_revenue_event||The original event name.|
|received_revenue||The original claimed revenue.|
|purchase_receipt_included||Whether a receipt was provided for the purchase.|
|purchase_receipt_valid||Whether the purchase was found to be valid.|
To configure custom postbacks, see the Event Macros section in Postback Macros & Passthrough Parameters.
Note: If you want to receive postbacks for rejected revenue, you can configure postbacks for the __iapinvalid__ event