Hello,
If you previously used the In-app billing sample code to build your in-app billing system, please use the recently-updated sample code as it addresses an exploitable flaw we recently discovered (note that this only affects the helper sample code; the core system and in-app billing service itself were not affected).
The affected applications are those that use the in-app billing sample library (specifically, the IabHelper and the Security classes in the util directory of the in-app billing V3 sample) and do not perform server-side verification.
An update to the sample and library that fixes this vulnerability is now available at code.google.com/p/marketbilling and also through the Android SDK Manager.
To apply the security update:
1. Download the updated source code for the in-app billing sample and library from the Android SDK Manager, which is part of the Android SDK. The in-app billing package is located under Extras -> Google Play Billing Library. Make sure to update to Revision 5 (or, alternatively, download the updated source code from the public repository at code.google.com/p/marketbilling).
2. Merge the new code for IabHelper.java and Security.java into your application, replacing the existing code.
If you prefer to apply the code changes manually, you can browse the diff at https://code.google.com/p/marketbilling/source/detail?r=7bc191a004483a1034b758e1df0bda062088d840 and merge the modifications into the appropriate parts of your code.
Thank you for your continued support of Google Play.
Regards,
The Google Play Team
©2013 Google Inc.
1600 Amphitheatre Parkway
Mountain View, CA 94043
Email preferences: You have received this mandatory email service announcement to update you about important changes to your Google Play account.