Google Play warning: Your app is using an incorrect implementation of in-app billing

tefica · July 28, 2016, 4:51pm

Hello

I’ve just received (to day) an email from Google Play who’s saying that my app is invoking the in-app billing service without setting a target package for the intent…?, this version of the app was an only BluePrint successfully builded with UE4.11 and published on Google Play since 05/16/2016…

I will investigate for that question but if someone know how to fix it, it will be very welcome

Thanks for your help

Best Regards

Stéphane

Content of the Google Play Mail :

Hello Google Play Developer,

We detected that your app(s) listed at
the end of this email are invoking the
in-app billing service without setting
a target package for the intent. This
can enable a malicious package to
bypass the Play store billing system
and access items that have not been
purchased.

Next Steps

If you are using IabHelper, please start using the latest SDK.
If you are manually invoking the in-app billing service, make sure you are calling Intent.setPackage(“com.android.vending”) on any intents to “com.android.vending.billing.InAppBillingService.BIND”.
Sign in to your Developer Console and submit the updated version of your app.
Check back after five hours - we’ll show a warning message if the app hasn’t been updated correctly. We’re here to help

If you have other technical questions
about the vulnerability, you can post
to Stack Overflow and use the tag
“android-security.” For clarification
on steps you need to take to resolve
this issue, you can contact our
developer support team.

Regards,

The Google Play Team

Affected app(s) and version(s) are
listed below. If you have more than 20
affected apps in your account, please
check the Developer Console for a full
list.
…

Ludusoft · July 29, 2016, 12:55am

Same situation here.

Shadowriver · July 29, 2016, 1:01am

Look like seriues matter, moving this to bug raport should have better reponce not to mention it’s something that needs to be fixed. Hmm do the same thing happends in 4.12?

minnow · July 29, 2016, 1:47am

I received same letter from Google play.
I used engine version 4.12.3. How can I resolve this issue?

Lam_Vu · July 29, 2016, 9:55am

Same here. I used 4.12 . Waiting for answer.

Ruthless · July 29, 2016, 10:06am

me too! 4.12.3

anonymous_user_687353a3 · July 29, 2016, 6:28pm

+1
Same situation here.

Shadowriver · July 29, 2016, 6:58pm

Ok so i change version used to as there 4.12 raports

zigziglagirafe · July 29, 2016, 7:52pm

Same here, any planning on fix Epic?

Chris_Babcock · July 29, 2016, 8:08pm

IabHelper.java is up to date in 4.12 and we do the setPackage call already.

The likely issue is the version of Google Player Services. We included rev19 which is version 5.0.89. For 4.13 I have updated this to 9.2.0 by adding support for AAR files from the package repositories.

For 4.12 if you are working with source you can try integrating this GitHub commit: link text

Since GitHub doesn’t have binaries you’ll need to skip the gpg-cpp-sdk.v2.1 and OnlineExternalUIInterfaceGooglePlay.cpp updates unless you download the library (.a) files from Google and place them in Engine/Source/ThirdParty/GooglePlay/gpg-cpp-sdk.v2.1/gpg-cpp-sdk/android/lib/c++ yourself.

Make sure you delete these (they will come from the repository now):

Engine/Build/Android/Java/JavaLibs/google-play-services_lib_rev19

Engine/Build/Android/java/JavaLibs/android-support-v4.jar

Run the Android SDK Manager installer and under Extras, make sure you have installed Android Support Repository rev35 and Google Repository rev31.

tefica · July 29, 2016, 10:41pm

Thx for your answer, I recently build the github release branch of UE4 (4.12.5); but I think better switch to the 4.13 Branch to stay up to date, I will keep you updated…
Thanks again

anonymous_user_d5ae67431 · July 31, 2016, 9:31am

me too (on 4.12.5 version) !!! any planning on fix Epic?