Explore Android in-app purchase exploitation techniques in this 44-minute conference talk from DerbyCon 2015. Delve into the intricacies of in-app billing, its implementation, and vulnerabilities. Learn about the Google Play API, IAB Helper, and common flaws in mobile game monetization. Examine real-world examples, including Supercell games and mobile MMOs. Discover how cracked binaries and Cydia Substrate can be used to manipulate the Java Virtual Machine. Analyze client-side trust issues, signature verification methods, and potential exploits. Investigate the Pandora example, SISV token obfuscation, and public key vulnerabilities. Gain insights into protecting against these exploits and understanding the implications of excessive logging and client-side signature verification.