I am totally new to in app billing. Reading the android documentation, it seems that using a remote server to make signature verification is the best thing to do:
> Implementing the verification process on a server makes it difficult > for attackers to break the verification process by reverse engineering > your .apk file. Anyway, suppose that a feature, bundled with the app but locked, can be unlocked via iab. Why using a remote server makes iab more secure, in this case? If someone, by reverse engineering, modify the apk and republish it on the internet with all the checks to the server fixed, having a remote server will not help. On the other hand, if the purchased content is uploaded by the remote server, it does. -- You received this message because you are subscribed to the Google Groups "Android Developers" group. To post to this group, send email to android-developers@googlegroups.com To unsubscribe from this group, send email to android-developers+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/android-developers?hl=en --- You received this message because you are subscribed to the Google Groups "Android Developers" group. To unsubscribe from this group and stop receiving emails from it, send an email to android-developers+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
