This indeed a know security issue from Google side, so I am going to suggest a workaround. Along with promo code provide the users with server id generated by your server, when getting a promo purchase validate the server id and accept the purchase just once. When using from market send the id with referrer. … Read more
This issue was opened on the google’s android-play-billing samples repo. Looks like it was ignored for a long time and was eventually closed with this comment. In short, they have following suggestions. We reviewed our guidelines and internal APIs, and since the developerPayload is not supported across all features on In-App Billing API (including promocodes), … Read more
There is not a way to do this with the current feature set in the Play store. You could produce a similar effect using the Licensing service (http://developer.android.com/guide/market/licensing) and perhaps in-app purchases. However sadly you will have to do most of the work yourself.