Resolved Data safety, both the user and the IAP

In my game I plan on having an IAP currency system. I am wondering how I should protect the user, and how to keep people from pirating cosmetics. I don't know if a system is built in because I am new to this side of unity, I've only done large school projects, so monetization isn't something I'm familiar with. On the same side, I have a few in game earnable currency's, should I save it the same way, or is there a different way that just stops the user from giving infinite creds, like in risk of rain.

 

Thanks, does this also work if I'm going through steam?

 

Oh and should I do this for things that don't require money, for like items you get on leveling up

 

@Voxstern if you are concerned about IAP pirates, you definitely need server-side validation. I am offering a service for this with managed servers over on my website.

Unity IAP does not support Steam, so there is nothing it could do in this regard. However, my asset Simple IAP System provides support for Steam in two ways - the native, Steam Inventory implementation or Steam via PlayFab. Note that there is no extra validation required for Steam (like my service above) - they have their own fraud detection systems which are secure already.

When using Unity IAP or Simple IAP System alone, it does not verify purchases that can be done locally, such as virtual purchases (e.g. buying a sword for coins earned in-game). That's why I've mentioned PlayFab above. When using Simple IAP System in combination with PlayFab, all transactions are passed through PlayFab servers which check for the user's currency in their inventory, in addition to verifying the purchase with the App Store, before finishing the transaction. There is virtually no way to hack the system, except you implement a "currency leak" yourself.

When looking at the available options, it is your decision how "secure" your app should be.

 

Thanks so much I'll check that stuff out!