Android in app purchase: Signature verification failed

Question

I have tried for several days to solve this problem, using the Dungeons demo code that comes with the SDK. I\'ve tried to Google for an answer but can\'t find one.

Answer 1

The error is caused because of the wrong license key. Maybe the license key is probably from your another app.

The solution is to use the proper license key from :

Play console > App > Development Tools > Licensing & in-app billing

Answer 2

This Solution worked for me. I changed the new verifyPurchase method in purchase class with old one.

Answer 3

Check this answer:

Is the primary account on your test device the same as your Google Play developer account?

If not you won't get signatures on the android.test.* static responses unless the app has been published on Play before.

See the table at http://developer.android.com/guide/market/billing/billing_testing.html#static-responses-table for the full set of conditions.

And it's comment:

I don't think the static ids return signature anymore. See https://groups.google.com/d/topic/android-developers/PCbCJdOl480/discussion

Also, previously the sample code (used by many big apps) from Google Play Billing Library allowed an empty signature. That's why it's static purchases worked there.
But it was a security hole, so when it was published, Google submitted an update.

Answer 4

For Cordova and Hybrid apps you need to use this.iap.subscribe(this.productId) method to subscription InAppPurchase.

Following are the code working fine for me:

 getProdutIAP() {
        this.navCtrl.push('subscribeDialogPage');
        this.iap
            .getProducts(['productID1']).then((products: any) => {
                this.buy(products);
            })
            .catch((err) => {
                console.log(JSON.stringify(err));
                alert('Finished Purchase' + JSON.stringify(err));
                console.log(err);
            });
    }

    buy(products: any) {
        // this.getProdutIAP();
        // alert(products[0].productId);
        this.iap.subscribe(products[0].productId).then((buydata: any) => {
            alert('buy Purchase' + JSON.stringify(buydata));
            // this.sub();
        }).catch((err) => {
            // this.navCtrl.push('subscribeDialogPage');
            alert('buyError' + JSON.stringify(err));
        });
    }

    sub() {
        this.platform.ready().then(() => {
            this.iap
                .subscribe(this.productId)
                .then((data) => {
                    console.log('subscribe Purchase' + JSON.stringify(data));
                    alert('subscribe Purchase' + JSON.stringify(data));
                    this.getReceipt();
                }).catch((err) => {
                    this.getReceipt();
                    alert('subscribeError' + JSON.stringify(err));
                    console.log(err);
                });
        })
    }

Answer 5

Please check that base64EncodedPublicKey and the one from the Play Developer Console are equal. Once you re-upload the APK in the Developer Console, the public key may change, if so update your base64EncodedPublicKey.

Answer 6

You can skip the verifying process for those "android.test.*" product ids. If you are using the sample code from the TrivialDrive example, open IabHelper.java, find the following line code, change it from

   if (Security.verifyPurchase(mSignatureBase64, purchaseData, dataSignature)) { ... }

into

   boolean verifySignature = !sku.startsWith("android.test."); // or inplace the condition in the following line
   if (verifySignature && !Security.verifyPurchase(mSignatureBase64, purchaseData, dataSignature)) { ... }

It's harmless, even if you forgot to rollback the code. So, you can continue to test the further workflow step.