Google Play warning: Your app is using an incorrect implementation of in-app billing
I've just received this warning from Google for one of my games (which was published over a year ago now).
Is this a new requirement which is likely to be flagged in all our published apps?
Here's the email received:
Hello Google Play Developer,
We detected that your app(s) listed at the end of this email are invoking the in-app billing service without setting a target package for the intent. This can enable a malicious package to bypass the Play store billing system and access items that have not been purchased.
If you are using IabHelper, please start using the latest SDK.
If you are manually invoking the in-app billing service, make sure you are calling Intent.setPackage(“com.android.vending”) on any intents to "com.android.vending.billing.InAppBillingService.BIND".
Sign in to your Developer Console and submit the updated version of your app.
Check back after five hours - we’ll show a warning message if the app hasn’t been updated correctly.
We’re here to help
If you have other technical questions about the vulnerability, you can post to Stack Overflow and use the tag “android-security.” For clarification on steps you need to take to resolve this issue, you can contact our developer support team.
The Google Play Team