It's official, Android in-app purchase code needs an update.

Distul · July 28, 2016, 9:31pm

Got this e-mail from Google, is this something we can fix in one of the java files or are we doomed until a code fix or sdk update happens?

Hello Google Play Developer,

We detected that your app(s) listed at the end of this email are invoking the in-app billing service without setting a target package for the intent. This can enable a malicious package to bypass the Play store billing system and access items that have not been purchased.

Next Steps
If you are using IabHelper, please start using the latest SDK.
If you are manually invoking the in-app billing service, make sure you are calling Intent.setPackage(“com.android.vending”) on any intents to "com.android.vending.billing.InAppBillingService.BIND".
Sign in to your Developer Console and submit the updated version of your app.
Check back after five hours - we’ll show a warning message if the app hasn’t been updated correctly.

Chris_Babcock · July 28, 2016, 10:32pm

Hi @Distul,

We already do this in IabHelper.java:

    Intent serviceIntent = new Intent("com.android.vending.billing.InAppBillingService.BIND");
    serviceIntent.setPackage("com.android.vending");

And in GooglePlayStoreHelper.java:

	Intent serviceIntent = new Intent("com.android.vending.billing.InAppBillingService.BIND");
	serviceIntent.setPackage("com.android.vending");

4.13 is also updating Google Play Services 5.0.89 (rev19) to 9.2.0 (rev31).

Distul · July 28, 2016, 11:13pm

Chris Babcock;572452:

Hi @Distul,

We already do this in IabHelper.java:
    Intent serviceIntent = new Intent("com.android.vending.billing.InAppBillingService.BIND");
    serviceIntent.setPackage("com.android.vending");
And in GooglePlayStoreHelper.java:
	Intent serviceIntent = new Intent("com.android.vending.billing.InAppBillingService.BIND");
	serviceIntent.setPackage("com.android.vending");
4.13 is also updating Google Play Services 8.4 to 9.2.0.

I’m happy to hear about the services update. Weird that the configurations are already implemented as Dev Console is telling me my APKs don’t have those changes. But I checked the files of the last engine version I’ve published with and everything checks out.

Thank you for the quick response.