 

Google Play In-App Billing Library Hacked


I successfully exploited two bugs in Google Play In-App Billing Library, which allow impersonating the Google Play billing service and circumventing the signature verification. I was able to retrieve unlimited amounts of in-app items in games like Temple Run 2, which uses this library.

This blog post was released earlier than previously negotiated with Google, because Google was unable to provide proper attribution (they even stated “we recently discovered” in an email sent to Android developers). Additionally, they ignored questions regarding other bad security practices in this library. More information can be found before the conclusion. All Google

29 Oct
Pau Oliva @pof
2 Vulnerabilities in Google In-App Billing Library to impersonate billing service & circumvent signature verify - http://t.co/JTjSll0aaz
29 Oct
Carlos Castillo @carlosacastillo
Google Play In-App Billing Library Hacked http://t.co/fmbvVp1SmH