Android In-App Billing : Security.java says “Signature Verification Failed”

Android In-App Billing : Security.java says “Signature Verification Failed”

I have implemented a test app with Android’s In-App Billing. I have filled in my Public Key in the Security.java file. Everything works, but when I submit the payment, the app crashes. I receive an error in LogCat that says “Signature Verification Failed”, which corresponds to this bit of code:
if (!sig.verify(Base64.decode(signature))) {
Log.e(TAG, “Signature verification failed.”);
return false;
}

If I change that bit to return true instead of return false, then everything works properly – I can submit payment and safely return to the app – but I am assuming that something else is wrong, since I probably should change that to return true.
Any ideas about what could be causing this?

Solutions/Answers:

Solution 1:

That signature verification error can be caused by:

1.- A wrong public key. Maybe you’ve forgotten to copy some character. It happens 🙂

2.- The .apk must be signed. You can’t use the debug.keystore, if you do your signature string will be empty.

And remember, for testing In-app billing:

  • Add Android Market public key to Security.java (String base64EncodedPublicKey = "your public key here")

  • Build in release mode and sign it (If you are using Eclipse, you can use the Export Wizard).

  • Upload the release version to Android Market, do not publish it, and create the product list.

  • Install the application onto your device ( adb -d install myapp.apk ) and make a test account primary on your device.

Solution 2:

In my case there was a well hidden problem.

When I first set up in-app billing I tried static responses and bought android.test.purchased item. When I switched to production items and tried to query the inventory, that fake product caused all my troubles.

Related:  file stream vs local save in sql server?

So, in this case, the solution was to remove the fake product from my owned item.

Just add in the IABHelper.java file this snippet:

                Purchase p = new Purchase(itemType, purchaseData, signature);
                try {
                    consume(p);
                } catch (IabException e) {
                    e.printStackTrace();
                }

in the else statement of the method having this signature:

int queryPurchases(Inventory inv, String itemType) throws JSONException, RemoteException

Once cleaned up your own items, revert back to the original the helper java file.
Of course, this is only for development phase.

Solution 3:

In my case, I pasted a wrong public key which has a same prefix and suffix. Just make 100% sure that it’s correct.

Solution 4:

My Answer may be helpful to someone in future

Make sure that you have a correct base64EncodedPublicKey in your application.

References