By Davy Douhine | December 11, 2018
As Google defines it
“Google Play Billing is a service that lets you sell digital content from inside an Android app, or in-app.“
It can be used to sell one-time products like additional game levels, premium loot boxes, media files or subscriptions like online magazines or music streaming services.
But what could possibly go wrong when this service is doing client side validation ?
Guillaume worked on this for Checkmarx and published a complete blog post explaining the results and the detailed steps to bypass the InApp Billing process and obtain unlimited credits: https://www.checkmarx.com/blog/abusing-android-inapp-billing-api/
Check it if you want free credits !