Google has revealed that it prevented fraudulent transactions totaling $2 billion in Google Play in 2022. The transactions involved compromised payment methods, compensation demands for in-game purchases, and fake gift cards. To prevent scammers from taking advantage of the platform, Google employs Voided Purchases API and Obfuscated Account ID tools. Voided Purchases API provides a list of purchases made by each user in the application, preventing access to these elements after purchase. Obfuscated Account ID is utilized to detect fraudulent transactions, such as purchases made by devices in the same account within a short period.
To further minimize incidences of fraud, Google has released PURCHASE.PRODUCT.CONSUME, a tool meant for developers to use in their applications through the Play Developer API. The tool reduces the risk of abuse on the client side by transferring business logic to the server’s secure components. Transactions where there is an attempt to interfere with client work will cause an automatic return of the purchase in three days upon failure to confirm the transaction.
Google’s efforts come after the Mozilla Foundation accused 80% of Google Play Store apps of incorrect labeling in their descriptions of data safety. The label “Safety of Data” categorized applications like TikTok and Twitter as not transmitting personal data to external parties. However, in the privacy policies of these applications, it is clear that they share user information with advertisers, internet providers, platforms, and other types of companies. It is worth noting that the social network, TikTok is banned in Russia.