Explore a conference talk that delves into the vulnerabilities of Google Play Billing API and demonstrates how attackers can bypass payment processes in popular Android games. Learn about the billing workflow, known vulnerabilities, and real-world examples of compromised applications. Discover techniques used by developers to protect billing processes and how reverse engineering can still circumvent these measures. Gain insights into the number of vulnerable applications and compare Google's billing system with alternatives from Amazon and Samsung. Understand the implications for developers and users, and explore potential solutions to enhance security in mobile app transactions.
Abusing Google Play Billing for Fun and Unlimited Credits! - G. Lopes - Hack in Paris
Hack in Paris via YouTube
Overview
Syllabus
Introduction
Overview
Benefits for developers
How it works
Example
ProjectState
Verification
Secure Implementation
Google Documentation
Known Vulnerability
Modify Intent
Verify Process
ClientSide Fix
Steps
Do the Jump
Demo
Snoopy Pop
Proof
Java Native Interface
Shell Library
Conclusion
Google Billing Library
Taught by
Hack in Paris
