Android In-App Billing : Security.java says "Signature Verification Failed"

Question

I have implemented a test app with Android's In-App Billing. I have filled in my Public Key in the Security.java file. Everything works, but when I submit the payment, the app crashes. I receive an error in LogCat that says "Signature Verification Failed", which corresponds to this bit of code:

if (!sig.verify(Base64.decode(signature))) {
                Log.e(TAG, "Signature verification failed.");
                return false;
}

If I change that bit to return true instead of return false, then everything works properly - I can submit payment and safely return to the app - but I am assuming that something else is wrong, since I probably should change that to return true.

Any ideas about what could be causing this?

Answer 1

That signature verification error can be caused by:

1.- A wrong public key. Maybe you've forgotten to copy some character. It happens :)

2.- The .apk must be signed. You can't use the debug.keystore, if you do your signature string will be empty.

And remember, for testing In-app billing:

• Add Android Market public key to Security.java (String base64EncodedPublicKey = "your public key here")

• Build in release mode and sign it (If you are using Eclipse, you can use the Export Wizard).

• Upload the release version to Android Market, do not publish it, and create the product list.

• Install the application onto your device ( adb -d install myapp.apk ) and make a test account primary on your device.