So I've implemented the code from the guide for an In App Purchase and so far it's working perfectly. The problem I'm having is..the way it works. From what I can tell, the only way to verify if a person has purchased an IAP is to read from a secure ds_map file that was saved previously (or if it's already in memory). What if that file gets deleted from their phone? Those that mean someone who's spent hundreds of dollars on IAP's is completely out of luck? Or, someone manages to decrypt that file and change it themselves. Is there no way to verify from the Google Play store directly if an IAP is owned by the user? This isn't really explained in the guide.