I'm developing an Android app that will offer in-app billing to the user to buy a certain number of coins (for example). When this purchase is consumed, I want to store this fact by increasing a variable CoinsRemaining, for example.
A simple way to do this is to increase with variable and update it in a SharedPreference in internal memory.
However, if the device is rooted, with the user having write access to /data, surely the user can modify the preferences manually to increase this CoinsRemaining variable.
I know there is a always a trade-off between effort required to make something secure, and how valuable the protected content is etc. Is there a more secure way to achieve this without using complicated server-side strategies?
You can use secure preferences, but encryption key also should be saved somewhere on device or in your application code. You can use keystore for saving encryption key in it.
Secure preferences projects: scottyab/secure-preferences, kovmarci86/android-secure-preferences