Google Play Warning Incorrect Implementation of Google Play inApp Billing

Question

I just received the following email from Google Play

'Hello Google Play Developer,

We detected that your app(s) listed at the end of this email are invoking the in-app billing service without setting a target package for the intent. This can enable a malicious package to bypass the Play store billing system and access items that have not been purchased.

Next Steps

If you are using IabHelper, please start using the latest SDK. If you are manually invoking the in-app billing service, make sure you are calling Intent.setPackage(“com.android.vending”) on any intents to "com.android.vending.billing.InAppBillingService.BIND". Sign in to your Developer Console and submit the updated version of your app. Check back after five hours - we’ll show a warning message if the app hasn’t been updated correctly.'

I am not sure what is the fix for this problem. Can anyone tell where to specify the code? Is it somewhere in Java Class or the Manifest?

Answer 1

I received the same warning a few days ago and was already setting the package for the intent like this:

Intent serviceIntent = new Intent("com.android.vending.billing.InAppBillingService.BIND");
serviceIntent.setPackage("com.android.vending");
bindService(serviceIntent, mServiceConn, Context.BIND_AUTO_CREATE);

The issue has gone away by updating to the latest versions of Google Play Services and targeting Lollipop (5.1) instead of KitKat (4.4)... if you're using any Google Play Apis make sure you update them to the newest versions and hopefully that'll fix it for you too.

Answer 2

We have also received this alert, and checked our apks. We found that old version of Google-Play-Service.jar seem to use intent for "com.android.vending.billing.InAppBillingService.BIND", witout setting setPackage.

We have also checked the latest Google-Play-Service.jar and this one was fine, so I'd suggest checking your library.