15

I have implemented in app billing on an Android application and although it works ok with the testing constants, it breaks on real products.

I have uploaded the application as a draft on Google Play, created and published products, installed the exact same application on the device (included the right base64EncodedPublicKey) and used the right test account (the primary account on the device & the one i did set on my developer account)

The flow is that I get on the Google Play Activity where I can see the product and its details, I press buy, introduce the test account password, it gets out of the activity, receive the congratulation message and

Signature verification failed for product(response:-1003:Purchase signature verification failed)

The item is actually purchased (it appears on Google Checkout and on a 2nd buying atempt it says "Item already owned"). Also I have used only the TriviaDrive example code from Google.

Any suggestions are very helpful. Thank you!

gabi906
  • 374
  • 1
  • 4
  • 15
  • 4
    Looks like your base64EncodedPublicKey is wrong? Triple check it – Rawkode Mar 14 '13 at 12:58
  • 3
    The message means that Google has signed the purchase info with a key which somehow differs from the key you use in your app. I would double check that the key is correct, correcty assigned and correctly fed into the signature validation. Since everything else goes well, that's presumably the only possible cause of the problem. – class stacker Mar 14 '13 at 12:59
  • 5
    I dont think either of these comments address the issue. I'm getting the exact same error and am positive I'm including the proper public key in my codebase. Also, I dont think it can be a key problem because the setupBilling and initial part of the purchase work (a good key is needed to do these things). Only thing I can think of is something to do with the test environment. No concrete leads though. – Alfie Hanssen Aug 05 '13 at 16:56
  • I'm having the same problem here Alfie, I'll keep plugging away and hopefully figure it out, I'll post back here if I do... – Nathan Prather Aug 06 '13 at 00:55
  • 1
    same problem, except it works for 1 account and not for the other – Benoit Aug 30 '13 at 10:31
  • 1
    Have the exact same problem. It seems everything works fine. I also get a mail from google play to my test account saying that I made a purchase. But the verification fails. Did you manage to get it working? – exkoria Sep 17 '13 at 18:29
  • 4
    I solved it today buy check the base64 public key for the app in Google Developer console. This time I copied the key to Notepad before copying it again to the MainActivity.java file and it worked! I could not see any difference between the keys but it helped in some strange way. – exkoria Sep 18 '13 at 21:02
  • Take a look at http://stackoverflow.com/questions/19732025/android-in-app-billing-purchase-verification-failed – Vince Yuan Jan 15 '14 at 20:23
  • 1
    im having the exact same issue, i can make purchases and everything, all but queryinventory. any one have a good fix for this? – nubela Feb 06 '14 at 04:21
  • I am having same problem. Still this problem is not resolved. – Loganathan May 21 '14 at 06:51
  • I solved it today by copy and paste the base64 public key again from Google Developer console. The key does be a little different from what I pasted before, I don't know why. But it works. – Alex Liao Jun 14 '14 at 09:46
  • I would like to only add one thing, I was gettting the same error because vending app had my old test purchase, I needed clear it by calling in console: `adb shell pm clear com.android.vending` – deadfish Jan 02 '17 at 19:03

5 Answers5

4

In the In App Billing documentation there is a section called Initiate your connection to Google Play.

It tells you that you would need a base64 encoded Public Key to instantiate your IabHelper. You can get this code from the Google Play Developer Console. Login into the console, click apps and then go to the "Services and API" tab.

IabHelper mHelper;

@Override
public void onCreate(Bundle savedInstanceState) {
   // ...
   String base64EncodedPublicKey;

   // compute your public key and store it in base64EncodedPublicKey
   mHelper = new IabHelper(this, base64EncodedPublicKey);
}

Please consider the security recommendations suggested in the documentation:

Security Recommendation: It is highly recommended that you do not hard-code the exact public license key string value as provided by Google Play. Instead, you can construct the whole public license key string at runtime from substrings, or retrieve it from an encrypted store, before passing it to the constructor. This approach makes it more difficult for malicious third-parties to modify the public license key string in your APK file.

Sergio del Amo
  • 76,835
  • 68
  • 152
  • 179
2

Another reason this error can appear in v3 of IAB is if you purchase a product (say, a subscription) on one device, and the purchase info doesn't make it fully into the cache of the Play store app on another device.

I had a scary period where after purchasing a subscription on a Kitkat phone, another phone (gingerbread) was getting this -1003 error. I traced it down to the fact that the getpurchases() method was returning ONLY the INAPP_PURCHASE_ITEM_LIST with a (correct) list purchases. The INAPP_PURCHASE_DATA_LIST and INAPP_DATA_SIGNATURE_LIST were returned as null. (This was even though I could see the subscription in the Play app.)

The signature was null, so of course it got a signature verification error. After a lot of head-scratching/panicking about why it wasn't working, suddenly it worked without me doing anything. I presume Google Services/Play app finally flushed the cache and updated itself.

Given this, I think the solution may be to just silence that error until the full purchase info propagates to Play Services.... w/iabhelper it was something like:

if (result.getResponse() != IabHelper.IABHELPER_VERIFICATION_FAILED)
                    complain("Failed to query inventory: " + result);
Log.d(TAG, "Query inventory was NOT successful.");

This seems like a pretty big bug-- the Play store should wait until it knows everything about the purchase before passing it on to an app, I think. I don't know whether or not this issue manifests itself in other areas of the purchase flow, but there ya go.

fattire
  • 6,823
  • 3
  • 25
  • 38
1

I had this problem with my subscriptions because I haven't set the "itemType" 

 mHelper.launchPurchaseFlow(this,
            SKU_INFINITE_GAS, IabHelper.ITEM_TYPE_SUBS,
            RC_REQUEST, mPurchaseFinishedListener, payload);
stefan
  • 1,336
  • 3
  • 21
  • 46
0

1> Signature verification failed for product(response:-1003:Purchase signature verification failed)

The reason behind this error is that Base64Encoded doesn't match. Get the license key from publisher account ,copy it in some text editor remove the any spaces and paste it.

2> "Item already owned" When we get OK response from google for in-app purchase we need to consume the in-app product to notify its been bought and delivered. But if somehow if your crashes or you forgot to consume it google won't allow to buy it again until you consume it. In your scenario app threw Signature verification failed error ..thats the reason for second issue

Hope this help

all-ok
  • 315
  • 1
  • 9
0

Be sure to encode in UTF8 the file with the key

Reign.85
  • 2,420
  • 1
  • 28
  • 28