Google in-app purchases and application hacking

I developed an application that became very popular, and someone hacked it. I would like to know, first of all, whether anyone knows how, and whether anyone knows a workaround to avoid this. The app uses an in-app purchase, following Google’s example, to unlock some of the premium features as follows:

 private IabHelper mHelper;

        if (!isPro(getActivity())) {
            mHelper = new IabHelper(getActivity(), KKK);
            mHelper.enableDebugLogging(true);
            mHelper.startSetup(new IabHelper.OnIabSetupFinishedListener() {
                public void onIabSetupFinished(IabResult result) {

                    if (!result.isSuccess()) {
                        return;
                    }

                    // Have we been disposed of in the meantime? If so, quit.
                    if (mHelper == null) return;

                    // IAB is fully set up. Now, let's get an inventory of stuff we own.
                    mHelper.queryInventoryAsync(mGotInventoryListener);
                }
            });
        }

    IabHelper.QueryInventoryFinishedListener mGotInventoryListener = new IabHelper.QueryInventoryFinishedListener() {
        public void onQueryInventoryFinished(IabResult result, Inventory inventory) {

            // Have we been disposed of in the meantime? If so, quit.
            if (mHelper == null) return;

            // Is it a failure?
            if (result.isFailure()) {
                return;
            }

            Purchase pro = inventory.getPurchase(PRO_STRING);
            SettingsProvider.putSecBoolean(getActivity(), "pro", pro != null && verifyDeveloperPayload(pro));
        }
    };

    IabHelper.OnIabPurchaseFinishedListener mPurchaseFinishedListener = new IabHelper.OnIabPurchaseFinishedListener() {
        public void onIabPurchaseFinished(IabResult result, Purchase purchase) {
            if (mHelper == null) return;

            if (result.isFailure()) {
                return;
            }

            if (purchase.getSku().equals(PRO_STRING)) {
                SettingsProvider.putSecBoolean(getActivity(), "pro", true);
            }
        }
    };

    boolean verifyDeveloperPayload(Purchase p) {
        // The payload is read but never compared with anything,
        // so every purchase passes this check.
        String payload = p.getDeveloperPayload();
        return true;
    }

    @Override
    public void onDestroy() {
        super.onDestroy();
        if (mHelper != null) {
            mHelper.dispose();
            mHelper = null;
        }
    }

and for the purchase process:

    mPro.setOnClickListener(new View.OnClickListener() {
        @Override
        public void onClick(View v) {
            // Helper already disposed (or never set up): nothing to launch.
            if (mHelper == null) return;

            RandomString randomString = new RandomString(36);
            String payload = randomString.nextString();

            mHelper.flagEndAsync();
            mHelper.launchPurchaseFlow(getActivity(), PRO_STRING,
                    IabHelper.ITEM_TYPE_INAPP, RC_REQUEST,
                    mPurchaseFinishedListener, payload);
        }
    });

Well, someone somehow hacked it. This means that the content available in the pro version is free without payment. Maybe someone can share their experience and suggest some way to avoid this?

And also does anyone know how to do this? Thanks

+4
2

Android . , - (ProGuard, DexGuard,..), , JD-GUI. smali .

. -, - , ( Google).

, LuckyPatcher. , , Android-. (Google LVL, IAP s, ..) . , 100%, .

, ?

You simply can't. 100% - , . .

:

  • . ( ), .
  • DexGuard. , , , .

, , .

+4

,

SettingsProvider.putSecBoolean(getActivity(), "pro", pro != null && verifyDeveloperPayload(pro));

:

SettingsProvider.putSecBoolean(getActivity(), "pro", true);

, , antilvl. , , .

0
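
An added example, not part of the original posts or of Google's sample code: in the question's code the "pro" decision is made on the device (`verifyDeveloperPayload` always returns `true`, and `onIabPurchaseFinished` sets the flag without any check), so the class below shows the same decision made on a server the developer controls, checking the `SHA1withRSA` signature over the purchase data and a server-issued developer payload. The class `PurchaseVerifier`, its method names, the key pair and the purchase JSON are assumptions constructed for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.util.*;
// Added example (hypothetical names). Runs on a server the developer controls.
public class PurchaseVerifier {
    private final PublicKey playKey; // the app's Google Play licensing public key
    private final Set<String> issued = Collections.synchronizedSet(new HashSet<>());

    public PurchaseVerifier(PublicKey playKey) { this.playKey = playKey; }

    // Called before launchPurchaseFlow(): the server creates and remembers the payload.
    public String issuePayload() {
        byte[] b = new byte[24];
        new SecureRandom().nextBytes(b);
        String p = Base64.getUrlEncoder().withoutPadding().encodeToString(b);
        issued.add(p);
        return p;
    }

    // Accepts a purchase only if the data is signed and carries an unused payload.
    public boolean verify(String signedData, String signatureB64, String payload) {
        try {
            Signature s = Signature.getInstance("SHA1withRSA");
            s.initVerify(playKey);
            s.update(signedData.getBytes(StandardCharsets.UTF_8));
            if (!s.verify(Base64.getDecoder().decode(signatureB64))) return false;
        } catch (GeneralSecurityException | IllegalArgumentException e) {
            return false; // bad key, signature or Base64: treat as unverified
        }
        // String match keeps the example dependency-free; parse the JSON in real code.
        return signedData.contains("\"developerPayload\":\"" + payload + "\"")
                && issued.remove(payload); // one use per payload, so replays fail
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator g = KeyPairGenerator.getInstance("RSA");
        g.initialize(2048);
        KeyPair kp = g.generateKeyPair(); // constructed key pair standing in for Google Play's
        PurchaseVerifier v = new PurchaseVerifier(kp.getPublic());
        String payload = v.issuePayload();
        // Constructed purchase JSON, signed with the constructed private key.
        String data = "{\"productId\":\"pro\",\"developerPayload\":\"" + payload + "\"}";
        Signature s = Signature.getInstance("SHA1withRSA");
        s.initSign(kp.getPrivate());
        s.update(data.getBytes(StandardCharsets.UTF_8));
        String sig = Base64.getEncoder().encodeToString(s.sign());
        String altered = data.replace("\"pro\"", "\"max\"");
        System.out.println("altered data: " + v.verify(altered, sig, payload));
        System.out.println("genuine:      " + v.verify(data, sig, payload));
        System.out.println("replayed:     " + v.verify(data, sig, payload));
    }
}
```

Because a flag stored on the device can be flipped by patching the APK, the server should release premium content or entitlements only after `verify` succeeds.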

Source: https://habr.com/ru/post/1530392/

