[dozy]

Patching an APK like this would break parts of the app, specifically the parts that are arguably the most crucial to be followed by pinned API calls. For example, in-app purchases via Google Play that validate the app's signing would all fail. Similarly restoring any previous in app purchases would also fail. Finally, you wouldn't be able to install this APK without uninstalling the valid production APK first, again due to signature/signing mismatch.

[maxerickson]

A normal user wouldn't do this, someone who cared more about examining the network traffic than in app purchases would do this.

[dozy]

Agreed. I was commenting on this workaround's viability to be used by a bad actor attempting to compromise the game and other players of it.

[conradev]

Would patching it using Cydia Substrate keep the app's signature intact?

[jor-el]

Cydia performs dynamic hooking, and patches the function in the runtime. In theory app's signature should be intact (I have never come across this scenario in practice, so might be wrong). Generally, application implement additional checks for function hooking and dynamic library injections to prevent such attacks.