From 4fabc0b0e45fb5528f0d90b6a7bcca1a7b24d3a1 Mon Sep 17 00:00:00 2001 From: hadi ranjbar Date: Mon, 24 Apr 2017 12:58:49 +0430 Subject: [PATCH 1/3] increase security of in-app billing this little code check if the target package is bazaar client. this prevents malicious tools like lucky patcher to easily impersonate as bazaar client app and unlock premium content. --- .../android/trivialdrivesample/util/IabHelper.java | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/src/com/example/android/trivialdrivesample/util/IabHelper.java b/src/com/example/android/trivialdrivesample/util/IabHelper.java index 3602bcc..6069333 100644 --- a/src/com/example/android/trivialdrivesample/util/IabHelper.java +++ b/src/com/example/android/trivialdrivesample/util/IabHelper.java @@ -13,7 +13,7 @@ * limitations under the License. */ -package com.example.android.trivialdrivesample.util; +package ranjbar.hadi.likestan.util; import android.app.Activity; import android.app.PendingIntent; @@ -218,7 +218,12 @@ public void onServiceDisconnected(ComponentName name) { public void onServiceConnected(ComponentName name, IBinder service) { if (mDisposed) return; logDebug("Billing service connected."); - mService = IInAppBillingService.Stub.asInterface(service); + if (!"com.farsitel.bazaar".equals(name.getPackageName())) { + logDebug("can't find bazaar app!"); + return; + } else { + mService = IInAppBillingService.Stub.asInterface(service); + } String packageName = mContext.getPackageName(); try { logDebug("Checking for in-app billing 3 support."); From c7a674c469005be12355d23b1db9aa964cdfa473 Mon Sep 17 00:00:00 2001 From: hadi ranjbar Date: Mon, 24 Apr 2017 13:19:58 +0430 Subject: [PATCH 2/3] Fixed null pointer exception on devices which bazaar client is not installed on devices with older android version, if bazaar client is not installed a null pointer exception will be thrown resulting a force close when user wants to buy something --- .../android/trivialdrivesample/util/IabHelper.java | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/src/com/example/android/trivialdrivesample/util/IabHelper.java b/src/com/example/android/trivialdrivesample/util/IabHelper.java index 6069333..6276071 100644 --- a/src/com/example/android/trivialdrivesample/util/IabHelper.java +++ b/src/com/example/android/trivialdrivesample/util/IabHelper.java @@ -22,6 +22,8 @@ import android.content.Intent; import android.content.IntentSender.SendIntentException; import android.content.ServiceConnection; +import android.content.pm.PackageManager; +import android.content.pm.ResolveInfo; import android.os.Bundle; import android.os.Handler; import android.os.IBinder; @@ -269,7 +271,9 @@ public void onServiceConnected(ComponentName name, IBinder service) { Intent serviceIntent = new Intent("ir.cafebazaar.pardakht.InAppBillingService.BIND"); serviceIntent.setPackage("com.farsitel.bazaar"); - if (!mContext.getPackageManager().queryIntentServices(serviceIntent, 0).isEmpty()) { + PackageManager pm=mContext.getPackageManager(); + List intentServices = pm.queryIntentServices(serviceIntent, 0); + if (intentServices != null && !intentServices.isEmpty()) { // service available to handle that Intent mContext.bindService(serviceIntent, mServiceConn, Context.BIND_AUTO_CREATE); } @@ -292,7 +296,7 @@ public void onServiceConnected(ComponentName name, IBinder service) { public void dispose() { logDebug("Disposing."); mSetupDone = false; - if (mServiceConn != null) { + if (mServiceConn != null && mService!=null) { logDebug("Unbinding from service."); if (mContext != null) mContext.unbindService(mServiceConn); } From 6aa441d2e37847e6acf05dfc17c9650d7b1bf1a7 Mon Sep 17 00:00:00 2001 From: Hadi ranjbar Date: Tue, 2 May 2017 20:29:24 +0430 Subject: [PATCH 3/3] minor change --- src/com/example/android/trivialdrivesample/util/IabHelper.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/com/example/android/trivialdrivesample/util/IabHelper.java b/src/com/example/android/trivialdrivesample/util/IabHelper.java index 6276071..a3d6249 100644 --- a/src/com/example/android/trivialdrivesample/util/IabHelper.java +++ b/src/com/example/android/trivialdrivesample/util/IabHelper.java @@ -13,7 +13,7 @@ * limitations under the License. */ -package ranjbar.hadi.likestan.util; +package com.example.android.trivialdrivesample.util; import android.app.Activity; import android.app.PendingIntent;