oneSignal security alert

I use oneSignal in four android apps and i get this security alert in android console dev =>

Your app is using an incorrect implementation of in-app billing. Please see this Google Help Center article for more information.

Vulnerable classes:

com.onesignal.TrackGooglePurchase

Affects APK version 6.

Is this problem come from oneSignal plugin ? Here it seems oneSignal collects purchase data, so could you please tell me all the personal data you collect in my application ?

OneSignal is already currently calling setPackage so the our SDK isn’t vulnerable to the issue Google is reporting.

https://support.google.com/faqs/answer/7054270

It seems some other developers are reporting this issue when using an old Google Play Services library.

http://stackoverflow.com/questions/38642622/google-play-warning-incorrect-implementation-of-google-play-inapp-billing/38666176

OneSignal needs to the library to function however the plugin.google.play.services included with Corona hasn’t been updated in a while. You can replace it with ‘plugin.googleAnalytics’ however it may contain more than you need.

@Rob Miracle Let us know if using ‘plugin.googleAnalytics’ over plugin.google.play.services is the best solution to getting an updated Google Play services library in their app.

Thanks.

@Zed27 Let us know if using ‘plugin.googleAnalytics’ instead of plugin.google.play.services in your build.settings fixes this issue for you.

OneSignal is already currently calling setPackage so the our SDK isn’t vulnerable to the issue Google is reporting.

https://support.google.com/faqs/answer/7054270

It seems some other developers are reporting this issue when using an old Google Play Services library.

http://stackoverflow.com/questions/38642622/google-play-warning-incorrect-implementation-of-google-play-inapp-billing/38666176

OneSignal needs to the library to function however the plugin.google.play.services included with Corona hasn’t been updated in a while. You can replace it with ‘plugin.googleAnalytics’ however it may contain more than you need.

@Rob Miracle Let us know if using ‘plugin.googleAnalytics’ over plugin.google.play.services is the best solution to getting an updated Google Play services library in their app.

Thanks.

@Zed27 Let us know if using ‘plugin.googleAnalytics’ instead of plugin.google.play.services in your build.settings fixes this issue for you.