Security Vulnerability in the Google Play In App Billing component (Xamarin.InAppBilling)

Xamarin component located here: https://components.xamarin.com/view/xamarin.inappbilling

Has been working perfectly until now but today I received a notification and warning from Google Play both in the developer console and via email stating there is a vulnerability... details here: https://support.google.com/faqs/answer/7054270

Looks like the intent needs to be explicitly set for "com.android.vending.billing.InAppBillingService.BIND" which is set in InAppBillingServiceConnection.Connect() from what I can tell.

Anyone else received this warning?

Posts

  • GrahamSmith.9665GrahamSmith.9665 GBMember
    edited July 2016

    Submitted an update ensuring I was using the current in-app billing component (V2.2) and everything is correct but Google Play is still giving me the same warning for the new APK.

    The IAP functions correctly for now but it looks like the component does need to be updated urgently.

    ... or if someone knows where I can access the source code for the plugin then its literally a one line change from what I can tell.

    EDIT:
    looking through the plugin I can clearly see:

    Intent intent = new Intent("com.android.vending.billing.InAppBillingService.BIND");
    intent.SetPackage("com.android.vending");

    So its implemented correctly... I am now contacting Google directly to make sure its not an error on their end.

  • GrahamSmith.9665GrahamSmith.9665 GBMember
    edited July 2016

    In case it helps anyone else who has received the same warning I have discovered it was and old version of Google Play Services at fault, updating to the latest version has fixed all issues.

    Xamarin.InAppBilling is fine :)

Sign In or Register to comment.