duccong / marketbilling

Automatically exported from code.google.com/p/marketbilling

Suggestion to improve overall security #169

Open GoogleCodeExporter opened 8 years ago

GoogleCodeExporter commented 8 years ago
STEPS TO REPRODUCE:
1. Developer gets an option to add a security string in the in-app console.
2. Play Store returns the same in the PURCHASE_DATA json.
3. Developer can verify the same in the app (using his/her own algorithm).

(At present all the data that is present in the json either originates from the app 
or is generated by Google. As the algorithm for signature verification is open 
source, rooted devices can bypass this security check and modded PlayStore OR 
apps that allow users to bypass PlayStore simply return a json string built 
from the original data.)

By adding one more layer of check, that is developer dependent, bypassing of 
Store Server would be difficult.

EXPECTED OUTPUT:

ACTUAL OUTPUT:

AFFECTED ORDER IDS (IF RELEVANT):

OS VERSION:

MARKET/MYAPPS VERSION:

DEVICE:

OUTPUT FROM ADB BUGREPORT ATTACHED:
(Note: The output from "adb bugreport" is required for all bug reports.)

NOTES:

Original issue reported on code.google.com by rally...@gmail.com on 9 Jan 2014 at 5:49