
Subscription verification for offline use-case(Android)


I created an Android app (Xamarin Forms) with a subscription. I process subscriptions on my own service. But there is one point, a quote from the documentation:

Keep in mind that users will want the ability to use your app at any time, including when there may be no network connection available. Make sure that your approach to purchase verification accounts for the offline use-case.

How do I implement this check if the Internet connection is missing? My idea is to store a "local label" (in the database or a file) about the current subscription on the device. But this is not reliable and easy to break. I also found information about the Android Keystore, but it looks complicated.

Any ideas and advice?


Solution

  • Supposedly there is a plethora of ways of storing information about a subscription locally. One way would be to encrypt the subscription information asymmetrically:

    • Client sends log-in information, along with some sort of device code (IMEI or something), to server
    • Server responds with some sort of license code, that is encrypted with a private key and the device code
    • Client stores the license in a file
    • The contents of the license are decrypted with a public key the client knows

    It would be possible to read the license file by obtaining the public key from the client (it's public after all), hence if you really want to be sure, you should not store any sensitive information in it. But it should not be possible to forge the license, since this would require the private key, which is not known. Due to the device code the client passed, it's not possible to copy the license file to another device.

    Furthermore you could give the license an expiry date, after which the client will be informed that xe will have to go online to renew the license.

    Remarks: You can never trust code that is run on a device you don't have full control over, hence there might always be a way to bypass security measures.
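The scheme from this answer (server issues a device-bound, expiring license; the client checks it offline with an embedded public key), as an added example in Go that is not part of the original post. The "encrypt with the private key" step is implemented as what it is in practice, an Ed25519 signature over the license payload; the user name, device code and expiry are constructed sample values.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/json"
	"errors"
	"fmt"
	"time"
)

// License is the payload the server signs. DeviceCode binds it to one
// device; Expiry forces the client back online to renew periodically.
type License struct {
	User       string    `json:"user"`
	DeviceCode string    `json:"device_code"`
	Expiry     time.Time `json:"expiry"`
}

// IssueLicense is the server side: only the server holds the private key.
// The client stores payload and sig in a file for offline use.
func IssueLicense(priv ed25519.PrivateKey, lic License) (payload, sig []byte) {
	payload, _ = json.Marshal(lic) // fixed struct, cannot fail
	return payload, ed25519.Sign(priv, payload)
}

// VerifyLicense is the client side and needs no network. It rejects a forged
// or tampered file, a file copied from another device, and an expired one.
func VerifyLicense(pub ed25519.PublicKey, payload, sig []byte, deviceCode string, now time.Time) (License, error) {
	var lic License
	if !ed25519.Verify(pub, payload, sig) {
		return lic, errors.New("bad signature: license forged or tampered")
	}
	if err := json.Unmarshal(payload, &lic); err != nil {
		return lic, err
	}
	if lic.DeviceCode != deviceCode {
		return lic, errors.New("license is bound to a different device")
	}
	if !now.Before(lic.Expiry) {
		return lic, errors.New("license expired: go online to renew")
	}
	return lic, nil
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader) // server key pair; the app embeds pub only
	lic := License{User: "alice", DeviceCode: "dev-1234", Expiry: time.Now().Add(30 * 24 * time.Hour)}
	payload, sig := IssueLicense(priv, lic)
	_, err := VerifyLicense(pub, payload, sig, "dev-1234", time.Now()) // same device, still valid
	fmt.Println("own device:", err)
}
```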