https://code.google.com/p/marketbilling/source/detail?r=7bc191a004483a1034b758e1df0bda062088d840
에서 수정된 내용 확인 가능합니다.

최신 라이버리로 땡겨받고.. 위에 주소에서 머지해서 수정된 부분 적용하면 끝~!!

아래는 메일 전문..

Hello,

If you previously used the In-app billing sample code to build your in-app billing system, please use the recently-updated sample code as it addresses an exploitable flaw we recently discovered (note that this only affects the helper sample code; the core system and in-app billing service itself was not affected).

The affected applications are those that use the in-app billing sample library (specifically, the IabHelper and the Security classes in the util directory of the in-app billing V3 sample) and do not perform server-side verification.

An update to the sample and library that fixes this vulnerability is now available at code.google.com/p/marketbilling and also through the Android SDK Manager.

To apply the security update:

1. Download the updated source code for the in-app billing sample and library from the Android SDK Manager, which is part of the Android SDK. The in-app billing package is located under Extras -> Google Play Billing Library. Make sure to update to Revision 5. (or, alternatively, download the updated source code from the public repository at code.google.com/p/marketbilling).

2. Merge the new code for IabHelper.java and Security.java into your application, replacing the existing code.

If you prefer to apply the code changes manually, you can browse the diff at https://code.google.com/p/marketbilling/source/detail?r=7bc191a004483a1034b758e1df0bda062088d840 and merge the modifications into the appropriate parts of your code.

Thank you for your continued support of Google Play.