I’ve just received (to day) an email from Google Play who’s saying that my app is invoking the in-app billing service without setting a target package for the intent…?, this version of the app was an only BluePrint successfully builded with UE4.11 and published on Google Play since 05/16/2016…
I will investigate for that question but if someone know how to fix it, it will be very welcome
Thanks for your help
Best Regards
Stéphane
Content of the Google Play Mail :
Hello Google Play Developer,
We detected that your app(s) listed at
the end of this email are invoking the
in-app billing service without setting
a target package for the intent. This
can enable a malicious package to
bypass the Play store billing system
and access items that have not been
purchased.
Next Steps
If you are using IabHelper, please start using the latest SDK.
If you are manually invoking the in-app billing service, make sure you are calling Intent.setPackage(“com.android.vending”) on any intents to “com.android.vending.billing.InAppBillingService.BIND”.
Sign in to your Developer Console and submit the updated version of your app.
Check back after five hours - we’ll show a warning message if the app hasn’t been updated correctly. We’re here to help
If you have other technical questions
about the vulnerability, you can post
to Stack Overflow and use the tag
“android-security.” For clarification
on steps you need to take to resolve
this issue, you can contact our
developer support team.
Regards,
The Google Play Team
Affected app(s) and version(s) are
listed below. If you have more than 20
affected apps in your account, please
check the Developer Console for a full
list.
…
Look like seriues matter, moving this to bug raport should have better reponce not to mention it’s something that needs to be fixed. Hmm do the same thing happends in 4.12?
IabHelper.java is up to date in 4.12 and we do the setPackage call already.
The likely issue is the version of Google Player Services. We included rev19 which is version 5.0.89. For 4.13 I have updated this to 9.2.0 by adding support for AAR files from the package repositories.
For 4.12 if you are working with source you can try integrating this GitHub commit: link text
Since GitHub doesn’t have binaries you’ll need to skip the gpg-cpp-sdk.v2.1 and OnlineExternalUIInterfaceGooglePlay.cpp updates unless you download the library (.a) files from Google and place them in Engine/Source/ThirdParty/GooglePlay/gpg-cpp-sdk.v2.1/gpg-cpp-sdk/android/lib/c++ yourself.
Make sure you delete these (they will come from the repository now):
Thx for your answer, I recently build the github release branch of UE4 (4.12.5); but I think better switch to the 4.13 Branch to stay up to date, I will keep you updated…
Thanks again