Tagged as a bug bounty?
The guy wanted a bug bounty on something like this?
Like if he discovered now that software can be cracked??
Of course they weren’t interested; all software is crackable. Even if the dev wasted one week of dev time to implement server-side validation, for the cracker it doesn’t change anything: they patch the server check to reverse the logic. OK, it’s a bit harder, but if it’s worth it, determined crackers will take the challenge.
Look at Denuvo and the thousands of online checks, all defeated eventually.
The app now needs to validate the response from the back end. If the attacker can bypass the purchase check, what prevents the attacker from bypassing the response from the back end?
Mostly nothing, but it’s enough to stop fully automated patching/modding of the Play Store like Lucky Patcher does.