One of our apps on Android is currently quite vulnerable to IAP hacking. We want to avoid this as this will ruin some network-based systems and also harm our revenue.
We would like to know is there a way to validate the purchase receipt before we give him item. Thank you very much.
Also sorry for my extremely bad english, they may sound rude at some point(someone told me) but I am actually being very polite.:)
The way to do it is to use Purchase Status API
You will do the billing process on the client side, and once done, you will send the token to the server, and then, be able to check the status of a purchase.
If the status is what you expect, then you will enable or send the update to the user.