Admob Rewarded Ads and MongoDB Sync?

I’m building an android app, where I’ve integrated an Admob SDK to reward my users with Coins after they view an ad. I’m also using MongoDB Device Sync and authenticating users with it as well. I’m using rewarded ads, and when the callback triggers, I’m updating Coins value for the current user, and increasing it’s value.

My question is related to security. Is it safe for my users that they do have write permission to add/update their Coins value? Or it will be easy for them to spoof my app, and add custom number of coins on their own? How can I properly handle this situation?

Using server side verification should be a way to achieve this. You could set up a Custom HTTP endpoint to receive the Google callbacks.

That sounds like a nice solution, especially because I’m already have a database on atlas. However I don’t have experience with Javascript, and I’m for the first time working to implement the SSV for admob callback. I’m not really sure how all of that would work and function, there are not so many information about that process out there on the internet, except that link that you’ve sent.

I’ve been searching all around, but couldn’t find any example to learn from. Do you happen to have/know a real example that showcases how to achieve that?

Thank you for your answer btw, I really appreciate it!

Unfortunately I do not, you might want to ask this from your Google representative. I’d start with firing the callback and verifying the parameters it sends in the receiving function - you’ll also need to setup SSV for your rewarded ad unit. Hope this helps!