Rewarded Video (V4VC™) Security

1. How secure is rewarded video and what is the implementation?
2. What is the secure server verification process exactly?
Read more about rewarded video


1. How secure is rewarded video and what is the implementation?

In order to securely reward users with currency, AdColony’s rewarded video server verification system requires developers to operate a server for the purpose of persistently tracking users’ virtual currency balances, providing access to balance information to the mobile application, and processing AdColony rewarded currency awards. This virtual currency server allows the implementation of an end-to-end currency award process, maintaining security at all stages.

You may implement rewarded video on the client without a remote server and API. However, that solution is not fully secure, as the client can always be hacked. We recommend a server-side solution, but if that is not possible, then you will need to reward your users via code in your app when notified by the AdColony SDK and make an effort to secure this on the client.
Back to Top

2. What is the secure server verification process exactly?

The secure currency award process begins when a user finishes viewing an advertisement displayed by an AdColony rewarded video zone. When the AdColony SDK residing in a developer’s mobile application reports a completed video view to our AdColony servers, the server uses developer-supplied configuration data to create a callback URL pointing to the developer’s server.

The URL is essentially a token that can be used once in order to award a specific user with a specified amount of virtual currency. This URL includes data describing the currency award that the server should perform, which specifies unique user identifying information as well as currency amount and type. The URL also includes two security features to prevent abuse of the reward system. One is a unique identifier number; this allows the developer’s server to deny repeated uses of the same URL. The other security feature is a message hash that combines the application’s secret key with the rest of the URL data; this allows the developer’s server to ensure that the URL was created by the AdColony servers.

Once created, the callback URL is returned to the AdColony SDK residing within the developer’s mobile application. The AdColony SDK accesses the URL to contact the developer’s server. At this point, the developer’s server verifies the integrity of the URL, and then performs the requested currency award. Once complete, it returns a success or failure message to the AdColony SDK, which in turn relays this information to the developer’s code within the developer’s mobile app.

When notified of currency award success, the developer’s code within the mobile app contacts the developer’s server and retrieves an updated currency balance to display to the user.

Implemented properly, this end-to-end system prevents tampering with currency awards within the AdColony reward system. While there is the additional burden for developers of maintaining and operating a virtual currency server, a secure virtual currency server ensures that currency balances cannot be modified by users in order to avoid paying for content.

Note: AdColony’s secure server-side verification process is proprietary and patent-pending.

Back to top

Last updated byMelissa White