Following the recent in-app purchase hack that stole from developers and potentially put users data to risk, developer Marco Tabini has launched a new, free service called Beeblex to make the process safer.
Beeblex works by providing developers with a small library that can be easily integrated within their apps and, in a matter of minutes, be used to validate IAP receipts to determine their validity. The algorithm used to perform the validation uses asymmetric encryption to protect all data, and is designed to deter man-in-the-middle attacks and certificate spoofing. In addition, Beeblex keeps track of receipt identification tokens and reports duplicates to the app, helping reduce the incidence of unauthorized receipt reuse.
This sounds like a great service, of course one potential downside is, what if Beeblex’s end goes down? But, they say they’ve built mechanisms into the SDK to defer transactions in case of a loss of service, whether it’s a problem on their end, or a lost data connection.
This could be an option for all you developers out there to explore to help secure your in-app transactions, and your cashflow.
More information is available on the Beeblex website.