Google Protected Users from Losing $2 Billion

Google has stopped fraudulent transactions in the Google Play app store in the past year alone in the amount of about $ 2 billion. Users’ money was saved by branded tools called Voided Purchases API and Obfuscated Account ID.

The Voided Purchases API provides a list of each user’s purchases in the application, after which it will be impossible to access these items, and the Obfuscated Account ID allows you to detect fraudulent transactions, for example, devices making purchases in the same account for a short period of time.

Also, to stop fraudulent activity, Google released the Purchases.product.consume tool for developers, with which you can use items in the application through the Play Developer API, reducing the risk of client-side abuse by moving business logic to secure back-ends. If a fraudster tries to buy a product in the application and interferes with the work of the client, the purchase will be automatically returned due to the lack of confirmation within three days after the conditional transaction.

As a result, the automated system has saved about $2 billion in user funds. The main schemes of the attackers on Google Play included using compromised payment methods, demanding refunds for items already purchased in applications, and using fake gift cards for purchases.