In-app purchase promo codes breaks remote server verification?

This indeed a know security issue from Google side, so I am going to suggest a workaround. Along with promo code provide the users with server id generated by your server, when getting a promo purchase validate the server id and accept the purchase just once. When using from market send the id with referrer. … Read more

Are there alternatives to using Google’s in-app-billing , as a way to avoid publishing private info? [closed]

Yes, there is a company called Stripe that offers an API helps do the in app billing without the need to use the Google in app billing. EDIT : For the legal aspect of this, it depends on what you are selling , check this from google play policy. App purchases: Developers charging for apps … Read more

Google In-App billing, IllegalArgumentException: Service Intent must be explicit, after upgrading to Android L Dev Preview

I had the same problem and explicitly setting the package solved it. Similar to Aleksey’s answer, but simpler: Intent intent = new Intent(“”); // This is the key line that fixed everything for me intent.setPackage(“”); getContext().bindService(intent, serviceConnection, Context.BIND_AUTO_CREATE);

In-app purchases made via promo codes return empty developer payload string

This issue was opened on the google’s android-play-billing samples repo. Looks like it was ignored for a long time and was eventually closed with this comment. In short, they have following suggestions. We reviewed our guidelines and internal APIs, and since the developerPayload is not supported across all features on In-App Billing API (including promocodes), … Read more

Android In App Billing: securing application public key

Something like this: String Base64EncodedPublicKey key = “Ak3jfkd” + GetMiddleBit() + “D349824”; or String Base64EncodedPublicKey key = DecrementEachletter(“Bl4kgle”) + GetMiddleBit() + ReverseString(“D349824”); or anything that doesn’t put the key in base64 plaintext in a single string. Probably also something that doesn’t store the key in base64 would be a good idea too, since raw base64 … Read more