Here's the problem: I'm creating my new game which has some inapp items. I am using the Starling Framework for the game so I develop on AS3. I want to protect the game from genius(!) players who may attempt to break into inapp purchase process.
AS3 calls an in-app ANE (Milkman's), when a success returns from the ANE, my AS3 code sends an acknowledgement to my game server. So a malicious player can always send this acknowledgement info to my server without completing the in-app purchase process as if it was completed successfully.
So I thought of creating my own ANE which will also send this acknowledgement after it completes the process, so no AS3 code to mess with. I also don't want to use Java on Android to make things a little harder so I wonder if it's possible to call C++ code (which calls JNI for in-app purchases) from AS3.
Milkman ANE is fine to use, google play has a proper secure way to protect your purchases from hacking - check out billing-security for GooglePlay. iTunes also has similar solution.
The main idea is to verify a purchase on server side with a private key which is only available for provider store (google play or iTunes) and your backend.