Just about ready to publish my app but I have a security issue I need to understand first. This is my first time using both the Amazon app store as well as IAPs, so sorry for my lack of understanding. My question is, what is stopping a customer from installing the SDK Tester themselves, creating a simple json file with data obtainable from the client apk, and circumventing the Amazon IAP servers? Do I need to check of the SDK Tester is installed and if so block access? Or is this a simple flag that I'm not seeing, or is there some other solution to prevent such a method of piracy? Thanks in advance.
Hello Chris, The live version of your app, that is distributed through App Store will never talk to SDK tester and it will always fetch the IAP items from live server. SDK tester is provided for developer to test IAP in sandbox mode in the apk what is not submitted to us. You should not worry about this and please do not put any unnecessary check in your code.
Thanks for your response. I'm curious do I need to set a flag once I'm ready to submit the live version? If not, do you guys modify the app in some way after I submit it that prevents it from talking to the SDK tester?