In App billing not working after update - Google Store

This is because of the verifyPurchase() method in the Security class that has been change in the new fixes. Let me show you what is the exact problem is:

Security class changes

OLD CODE

 public static boolean verifyPurchase(String base64PublicKey, String signedData, String signature) {          if (signedData == null) {            Log.e(TAG, "data is null");            return false;        }        boolean verified = false;        if (!TextUtils.isEmpty(signature)) {            PublicKey key = Security.generatePublicKey(base64PublicKey);            verified = Security.verify(key, signedData, signature);            if (!verified) {                Log.w(TAG, "signature does not match data.");                return false;            }        }        return true;    }

New Code

public static boolean verifyPurchase(String base64PublicKey,            String signedData, String signature) {    if (TextUtils.isEmpty(signedData) || TextUtils.isEmpty(base64PublicKey)                || TextUtils.isEmpty(signature)) {        Log.e(TAG, "Purchase verification failed: missing data.");            return false;    }    PublicKey key = Security.generatePublicKey(base64PublicKey);    return Security.verify(key, signedData, signature);}

According to what I have searched and tested from New code,

Why it happens because we will not get any signature while we are using dummy product like "android.test.purchased". So in the old code it is working good because we were return true even if signature is not given and for the New code we are returning false.

more information about the signature data null or blank from link1 and link2

So I suggest you just replace old code method verifyPurchase() instead of New Code method.

I think may be New Code will work fine for the real product but not in the dummy product. But yet I have not tested for the real product.

Let me search more about this, why they changed code and what is the purpose behind that.

EDIT:

BuildConfig.DEBUG will also give you the solution for the test purchases.

In the verifyPurchase I changed return false to:

 Log.e(TAG, "Purchase verification failed: missing data.");        if (BuildConfig.DEBUG) {                return true;        }        return false;

but you should be aware to use this only in test scenario's.

This will return true, if you have a debug build, and the signature data is missing. Since the BuildConfig.DEBUG will be false in a production build this should be OK. But better is to remove this code after everything is debugged.

I have edited some code in the verifyPurchase() method, check it below:

public static boolean verifyPurchase(String base64PublicKey,        String signedData, String signature) {    if (signedData == null) {        Log.e(TAG, "data is null");        return false;    }    if (TextUtils.isEmpty(signedData) || TextUtils.isEmpty(base64PublicKey)            || TextUtils.isEmpty(signature)) {        Log.e(TAG, "Purchase verification failed: missing data.");        if (BuildConfig.DEBUG) {            Log.d("DeBUG", ">>>"+BuildConfig.DEBUG);            return true;        }        return false;    }    PublicKey key = Security.generatePublicKey(base64PublicKey);    return Security.verify(key, signedData, signature);}

I got this from GvS's answer android in app billing purchase verification failed.

hope it is helpful for you.

I was the one informing Google Security Team about these security bugs.Please be patient until I do public disclosure of these bugs, as I granted Google time to fix them.If no big sites write about this problem I will disclose with a working exploit on 6 November.

As you already looked at verifyPurchase(), the bug should be obvious. If given signature is an empty String the method still returns true (as it returns true on default).