Today I've published the new version of my Android app which implements in-app subscriptions.
Until now, 3 users have purchased an in-app subscription but only one of them seems to have a valid purchase token.
On my server, I have a cron task which checks everyday (thanks to the Google API) if a purchase is valid from its token and update the expiry date accordingly. But when I loop over the different purchases, two subscriptions give me the following error : "The purchase token was not found.". Moreover, the format of these two failed subscriptions seem really strange (lot shorter than the valid subscription token).
So, in your opinion, are there some users who succeeded in hacking my subscription purchase flow ?
Thanks!
There are some apps like Freedom and Lucky Patcher with these apps you could fake an in app purchase. So the users who have the fake tokens might have used these apps.