The tips in the Security and Design document for Android’s In-app Billing state that:

Question

0

Asked: May 27, 20262026-05-27T20:58:24+00:00 2026-05-27T20:58:24+00:00

The tips in the Security and Design document for Android’s In-app Billing state that:

0

The tips in the Security and Design document for Android’s In-app Billing state that:

In particular, attackers look for known entry points and exit
points in an application, so it is important that you modify these
parts of your code that are identical to the sample application.

Since I am going to use In-app Billing for the first time, I am very much interested in understanding what this means exactly, in terms of securing my subscription-based app:

What are exactly those “known entry/exit points”?
What do I need to modify in these parts, to make the task of an
attacker more difficult?
Given the fact that nothing can be protected from eventual reverse-engineering, is it really worth it to go to such great length to protect an
application/service?

Report

Leave an answer
Cancel reply

You must login to add an answer.

Need An Account,

1 Answer

Editorial Team · Answer 1 · 2026-05-27T20:58:25+00:00

Editorial Team

2026-05-27T20:58:25+00:00Added an answer on May 27, 2026 at 8:58 pm

I think that document is talking about the methods that are standard in Android for starting an application, namely the activity lifecycle methods (onCreate, etc.). These are easy for attackers to find because they aren’t obfuscated (since the framework needs to be able to find them).

0

Reply
Share
Share

- Report

Sign Up

Sign In

Forgot Password

The Archive Base Latest Questions

The tips in the Security and Design document for Android’s In-app Billing state that:

Leave an answerCancel reply

1 Answer

Leave an answer
Cancel reply