AppCoins is an open and distributed protocol for mobile app stores (GitHub). It will drastically improve and speed up advertising, in-app billing and app approvals, using blockchain and smart contract technology. In this article, we are not going to focus on advertising or app approval; the focus will be on in-app purchases.

As a proof-of-concept, we developed a sample app (GitHub) based on the Aptoide App Store (GitHub), which allows users to purchase in-app items using AppCoins. The sample app uses the AppCoins lib, which can be found here.

Let’s suppose the following scenario: a user would like to buy gems in a game and pay with AppCoins. The flow would be:

1. User opens the game.
2. User clicks to purchase gems.
3. An Aptoide dialogue is displayed, showing the game and the cost of the gems in AppCoins.
4. User confirms the purchase.
5. If the payment is successful, a message is shown and the user jumps back to the game, where they can confirm the acquisition.

This is the flow from the user's point of view. Please check this flow in the following video:

From the technical point of view, when the user clicks on the buy button, the click initiates a transfer of AppCoins from one party to another, in this case from the user to the game company. This transfer requires a minimal number of details to build the transaction object:

- the destination wallet address
- the amount of AppCoins that will be sent to the destination address

So, on the Android device, a transaction object with this information is created and signed. To sign the transaction object, we used the private key associated with the user's Ethereum wallet/account. It is important to note that the raw transaction does not contain the source address; however, this can be inferred from the signature. For more information about transactions on Ethereum, please check here.

Once the transaction is signed, we send the raw transaction to the network for processing. For security reasons, only the raw transaction is transmitted to the network; no private keys are shared. To send the raw transaction, we used the Etherscan Ethereum Developer API (Etherscan api documentation); more precisely, we call:

Our lib calls the previous endpoint:

Using the Etherscan API, we wait for the confirmation of the transaction. The Ethereum network is responsible for confirming and validating the transactions on the Ethereum Blockchain. Every 5 seconds we call:

This allows us to check the status of the transaction. In our sample, the average time to receive the transaction confirmation is less than 1 minute.

Once we get a confirmation that the transaction was mined, and consequently committed into the Ethereum blockchain, we inform the user that the transaction was successful and we update the user’s balance, calling:

The user can now check his new balance in the Aptoide app and move back to the game, where the purchase started.

The communication between the Aptoide app, Etherscan and the Ethereum blockchain can be summarised in the following diagrams:

One of our major concerns was safety and potential attack vectors. If somebody (a man in the middle) intercepts the transaction and prevents it from reaching the network, the sender of the transaction will not suffer any consequences: the transaction is signed, so manipulation cannot occur, and because the transaction never reaches the Ethereum blockchain, Ethereum clients will never withdraw AppCoins from the sender's wallet/account.

Scalability is another one of our concerns and depends on the Ethereum blockchain.

The cost of creating and sending a signed transaction is negligible. However, confirmation times are blockchain-specific and can sometimes take too long. We are currently studying other solutions, such as Plasma, Raiden and µRaiden (more information). These solutions promise to deliver near-instant payments.

The current solution uses the Etherscan.io API to communicate with the Ethereum network, so it requires a third-party service to be available. To mitigate this, we could run our own endpoints connected to a geth client, for instance.

This sample was only a proof-of-concept, and we were able to successfully achieve our goal: using the Aptoide app to purchase items and pay in AppCoins in a reasonable amount of time. As mentioned before, we are investigating other possibilities and trying to improve the purchase time.