
Indie Dev Weekly #30: Man-in-the-Middle Attack


2023, 0904-0910

I've felt weak and lethargic, just wanting to lie down, likely due to post-COVID symptoms. When lying down I either watch shows or scroll TikTok, leading to high usage compared to other apps. TikTok was in my Shopping category previously, only opened when I wanted to buy something. Now I'm addicted to random videos...gotta delete it!


I can only taste salty, sweet, and umami; coffee still has no flavor. I drink it only to avoid withdrawal symptoms.

Back to School!

Last month, revenue from the domestic Android market dropped a lot, likely due to summer break. Now that school has been in session for over a week, active and new users show some rebound.



Zen Flip Clock and Minimal Diary both updated this week mainly to defend against man-in-the-middle attacks.

Man-in-the-Middle Attack

I learned from developer friends that a WeChat mini program shares scripts to crack in-app purchases. Both my apps were listed... RevenueCat released a mitigation method 2 months ago that I ignored until reminded by my group.

Better late than never.

The Zen Flip Clock update was simple, just one line of code. The Minimal Diary update was more involved - the RevenueCat SDK version supporting man-in-the-middle attack defense is 4.25+ but I was still on 3.x, so I wrote a lot of upgrade code from 3.x to 4.x.



When upgrading RevenueCat SDK I noticed a new RevenueCatUI library - turns out they provide Paywalls now.

The 3 RC Paywall templates look clean and minimal. Configuration for in-app purchases is rich but limited for other info. I tried for 3 days but gave up because the betas kept showing image loading errors.


WWDC23 also introduced similar functionality in StoreKit - StoreView, ProductView and SubscriptionStoreView. But it looked too complex to rewrite my entire product page so I postponed for the iOS 17 launch.

If it ain't broke, don't fix it.


  • Finally finished Kingdom of Tears, huge weight off my mind.
  • Had to visit the community office for census registry, so inefficient when it could just be online.
  • Discovered a new app with UI/UX highly similar to Minimal Diary. First reaction was of course annoyance, second was determination to build an even better product and leave the copycat in the dust.
  • Got attacked for an innocuous post commenting on current events trends on Jike. Better to just post harmless things.
  • The 3 trademark-infringing apps I reported last week - the new one already replied and renamed their app, no response yet from the other inactive ones, which are likely abandoned. Many criticized me as petty, villainous, a trademark troll, not cool. I accept the criticism and acknowledge the objective facts presented. But I have my own reasons - business is business, legal compliance only.
