Server side games are basically apps that keep only some of the logic on the phone (mostly gui controls, assets too large to stream from an external source, etc. and the main(sensitive) code like hard currency, user info and the like on their own webserver.The reason its so difficult is you aren't just hacking static code on your phone, its dynamic code usually connected to a database, usually a minimum of ssl protection encryption, not to mention the higher illegality of attacking a webserver to deter a modder. As far as fake transactions, Google makes it simple to a webserver to confirm a receipt of a purchase direct contact without your phones involvement. Its one thing to MITM requests between your phone and the app, its another to even attempt to highjack a curl request from one host to another when you arent either party.
Now reality is anything is hackable with enough time, patience, and know how. Question is, is it worth the effort and personal liability to someone to mod the game, that may see an update making the mod useless? (Another side effect of being server side, easy to push unwanted updates) If they feel so, you'll see it modded. More often then not though, the answer is no so thats the reason most you never see a mod for, or so drop off after one or two updates