I have an Android app in production with more than 1 million downloads.

The app is free to download, but some features require the user to pay.
Monitoring the app through Crashlytics, I sometimes see the error:

Non-fatal Exception: java.lang.RuntimeException: Google Play In-app Billing API version is less than 3
       at com.tomatedigital.giveawaymaster.billing.BuyerHelper$1.onBillingSetupFinished(BuyerHelper.java:145)
       at com.android.billingclient.api.zzae.run(zzae.java:1)
       at android.os.Handler.handleCallback(Handler.java:795)
       at android.os.Handler.dispatchMessage(Handler.java:99)
       at android.os.Looper.loop(Looper.java:166)
       at android.app.ActivityThread.main(ActivityThread.java:6861)
       at java.lang.reflect.Method.invoke(Method.java)
       at com.android.internal.os.RuntimeInit$MethodAndArgsCaller.run(RuntimeInit.java:450)
       at com.android.internal.os.ZygoteInit.main(ZygoteInit.java:936)

I'm 100% sure I'm always using Billing API 3.0.3. Since the first versions of the app I have always been on version 3 or newer, so how can this error even happen?

In the past I've been attacked by some hackers trying to steal data and breach the app, but thankfully I managed to recover.

I started searching and discovered that there are several apps on the internet that decompile the apps the user has installed, modify specific code and recompile to create a cracked version of the APK:

  • removing admob code
  • trying to hack billing api

This error happens to me with less than 1% of the users, but it still happens on a daily basis.

I'm not an Android security expert, so I would like to know:

IS IT SAFE TO ASSUME THIS ERROR IS AN ATTACK?
Can it happen in a normal scenario?
Is there a standard approach to it? (actually I just log the exception)

Rafael Lima