Contact person: Business Client

Phone:Show

Email:Show

Location: Bengaluru, India

Budget: Recommended by industry experts

Time to start: As soon as possible

Project description:
"Here is the updated, robust project description. I have added a dedicated "Security & Fraud Prevention" section that explicitly details your requirements for VPN blocking, root detection, and geolocation validation.

---

## Project Title: Develop a Secure "Play-to-Earn" Android Ecosystem (Host App + Game SDK + Admin)

Project Overview:
I am looking for an experienced Full-Stack Mobile Developer (or team) to build a high-security "Play-to-Earn" ecosystem similar to "BestPlay". The system involves a Host App (Catalog), a Unity SDK for Target Games, and a Backend.

Critical Requirement: This app involves real money payouts. Therefore, Anti-Fraud and Security measures are the highest priority. The system must aggressively detect and block users attempting to farm coins using VPNs, emulators, or rooted devices.

---

### Scope of Work

#### 1. The Host App (Android Native/Flutter)

* Silent Login: Generate unique UUID linked to device/installation on first launch.
* Game Catalog: Display games fetched from the backend.
* Smart Attribution: Generate Play Store intents with the User ID embedded in the referrer parameter to track installs without login.
* Gamified UI: "Daily Target" bars, Real-time Coin/Cash stats, "Keep Playing" library.
* Profile: Withdrawal history, facial verification status, and support.

#### 2. Target Game Integration (Unity C# SDK)

* Attribution Handshake: Read the utm_content from the Play Install Referrer API to link the user.
* Revenue Listener: Listen to AdMob/AppLovin OnPaidEvent to calculate exact revenue.
* Secure Reporting: Send encrypted payloads to the backend on level completion.

#### 3. Backend & Admin Panel

* Admin Dashboard: Manage games, view user activity, approve/reject payouts.
* Fraud Flagging: Automatically flag users with suspicious activity (high earning rate, IP mismatches).

---

### 4. Advanced Security & Fraud Prevention (CRITICAL)

*The system must strictly enforce the following rules. If any check fails, the user must be blocked from earning coins or cashing out.*

A. Network & Location Validation

* VPN/Proxy Detection: Detect active VPN interfaces (e.g., tun0, ppp0) or proxy connections. No ads should load, and no coins should be awarded if a VPN is active.
* Geo-Consistency Check: Compare the user's IP Address Country against the SIM Card Country (TelephonyManager). If they do not match (e.g., IP is USA, but SIM is India), flag the account.

B. Device Integrity (Root & Bootloader)

* Root Detection: Check for su binaries, Magisk, or SuperUser packages.
* Bootloader Status: Detect unlocked bootloaders.
* Google Play Integrity API: Implementation of the Play Integrity API (formerly SafetyNet) to ensure the request is coming from a genuine, unmodified Android device.
* Emulator Blocking: Detect generic hardware strings (e.g., "Goldfish", "Genymotion", "Nox") to block emulators.

C. Interaction & Deception Blocks

* Auto-Clicker Detection: Detect if accessibility services are being abused to simulate clicks.
* Time Tampering: Validate server time vs. device time to prevent "speed hacking" or skipping countdowns.
* USB Debugging: Earning should be disabled if ADB/USB Debugging is enabled on the device.

---

### Deliverables

1. Source Code: Host App, Backend, and Unity SDK.
2. Security Documentation: A detailed report on how the anti-fraud measures are implemented.
3. Admin Panel: Deployed and linked to the apps.
4. APK: Test build demonstrating the attribution flow and security blocks.

---

### Screening Questions

1. How do you plan to detect a VPN connection programmatically on Android 12+?
2. Have you implemented the Google Play Integrity API before? How do you handle the token verification on the backend?
3. What strategy will you use to match the User's IP location with their SIM/Carrier location?
4. How does the Target Game identify the user without a login (explain the Install Referrer flow)?

---" (client-provided description)