Comparison of In-app Purchase APIs.
|Feature||Apple's Store Kit (IAP)||Google Play In-app Billing|
|User Validation||Apple doesn't require a developer to implement any user validation.
A developer should always trust the Store Kit about the fact of who made a purchase.
|Google strongly recommends to verify who the user who did the purchase, by adding and generating extra information about the purchase (aka Developer Payload).
It's also recommended to have an "own secure server" to track purchases.
A few stackoverflow links a user id:  . An explanation of payload is . Trying to identify a user, should not scare the user away. After all, they're trying to be entertained. They are not here for some spyware, but for a game