purchases-android

Billing Library crash in com.android.billingclient.api.ProxyBillingActivity

Open salami opened this issue 11 months ago • 10 comments

Describe the bug A clear and concise description of what the bug is. The more detail you can provide the faster our team will be able to triage and resolve the issue. Do not remove any of the steps from the template below. If a step is not applicable to your issue, please leave that step empty.

  1. Environment
    1. Platform: Android; Nexus 5X
    2. SDK version: 8.10.2; android targetSdk 35; compileSdk 35
    3. OS version: Android 13
    4. Android Studio version: Android Studio Ladybug | 2024.2.1 Patch 3
    5. How widespread is the issue? Rare issue.
  2. Debug logs that reproduce the issue
  3. Steps to reproduce, with a description of expected vs. actual behavior
  4. Other information (e.g. stacktraces, related issues, suggestions how to fix, links for us to have context, eg. stackoverflow, etc.)

Sadly not able to reproduce. This is the crash log data from Firebase Crashlytics

Fatal Exception: java.lang.RuntimeException
Unable to start activity ComponentInfo{com.telephonescience.nomorobomax/com.android.billingclient.api.ProxyBillingActivity}: java.lang.NullPointerException: Attempt to invoke virtual method 'android.content.IntentSender android.app.PendingIntent.getIntentSender()' on a null object reference
Caused by java.lang.NullPointerException
Attempt to invoke virtual method 'android.content.IntentSender android.app.PendingIntent.getIntentSender()' on a null object reference


com.android.billingclient.api.ProxyBillingActivity.onCreate (com.android.billingclient:billing@@7.0.0:14)
android.app.Activity.performCreate (Activity.java:8305)
android.app.Activity.performCreate (Activity.java:8284)
android.app.Instrumentation.callActivityOnCreate (Instrumentation.java:1417)
android.app.ActivityThread.performLaunchActivity (ActivityThread.java:3626)
android.app.ActivityThread.handleLaunchActivity (ActivityThread.java:3782)
android.app.servertransaction.LaunchActivityItem.execute (LaunchActivityItem.java:101)
android.app.servertransaction.TransactionExecutor.executeCallbacks (TransactionExecutor.java:135)
android.app.servertransaction.TransactionExecutor.execute (TransactionExecutor.java:95)
android.app.ActivityThread$H.handleMessage (ActivityThread.java:2307)
android.os.Handler.dispatchMessage (Handler.java:106)
android.os.Looper.loopOnce (Looper.java:201)
android.os.Looper.loop (Looper.java:288)
android.app.ActivityThread.main (ActivityThread.java:7872)
java.lang.reflect.Method.invoke (Method.java)
com.android.internal.os.RuntimeInit$MethodAndArgsCaller.run (RuntimeInit.java:548)
com.android.internal.os.ZygoteInit.main (ZygoteInit.java:936)

Any ideas?

On a somewhat related note, will this SDK upgrade to the latest Google Play Billing Library 7.1.1 soon?

salami avatar Jan 02 '25 18:01 salami

👀 We've just linked this issue to our internal tracker and notified the team. Thank you for reporting, we're checking this out!

RCGitBot avatar Jan 02 '25 18:01 RCGitBot

By the way, this seems to be a rare issue but am wondering if anyone else has encountered it.

salami avatar Jan 02 '25 19:01 salami

Same here on RC 8.10.7 version.

skrugly avatar Jan 07 '25 07:01 skrugly

Hi thanks for reporting this!

We've seen this before, and our suspicion is that it's caused by people tampering with the app trying to start the Activities declared in the manifest in unsupported ways. The ProxyBillingActivity is normally launched by the BillingClient, and it expects an Intent extra in the Intent that launched it. This is null if the Activity is started directly, e.g. through adb or Tasker or any other method or app that can send Intents.

On a possibly-related note, this device is running a custom ROM based on Android 13, as the Nexus 5X only got to Android 8.1.

@salami @skrugly Would you be able to share the device and Android version distributions from Crashlytics? That would help us get a better sense of this. If you have absolute numbers on number of crashes that would be great too. Thanks in advance!

JayShortway avatar Jan 08 '25 08:01 JayShortway

Oh and you're totally right that we should update to the latest Play Billing Library. Thanks for that, PR coming up!

JayShortway avatar Jan 08 '25 08:01 JayShortway

We see the same suspicious activity. User with Nexus 5X and Android 13 gets crash at ProxyBillingActivity.onCreate (at least it's reported as a crash by Crashlytics). Suspicious indeed.

Bohdandn avatar Jan 17 '25 16:01 Bohdandn

I have the same error. Android13 Nexus 5X. Maybe we have the same bot

Smekalisty avatar Feb 18 '25 10:02 Smekalisty

We see the same suspicious activity. User with Nexus 5X and Android 13 gets crash at ProxyBillingActivity.onCreate (at least it's reported as a crash by Crashlytics). Suspicious indeed.

I got the same

Image

duytq94 avatar Feb 27 '25 04:02 duytq94

Same here, and it is happening on a Nexus 5X with Android 13. I checked: the Nexus 5X came with Android 6 up to 8, and in the crash log we receive Android 13, which means the user is using a custom ROM.

Shekhanzai avatar Mar 25 '25 23:03 Shekhanzai

Same here crash on the same device

poldz123 avatar May 09 '25 04:05 poldz123

We get the same issue - same device, but also a different one:

  • 88% Nexus 5X, Android 13, app sideloaded, device not rooted
  • 12% Xperia E, Android 9, app sideloaded, device rooted

So 100% sideloaded. So definitely looks like tampering from here - but must be something automatic if so many people experience the same issue?

Our issue stats from Sentry:

Image

OS/device details from one occurrence:

Operating System
Build: OSM1.180201.031
Kernel Version: 5.15.41-android13-8-00055-g4f5025129fe8-ab8949913
Name: Android
Rooted: no
Version: 13

Device
archs: [x86_64, arm64-v8a]
Battery Level: 100%
Battery Temperature (°C): 25
Boot Time: 2025-07-12T00:03:32.895Z (7 minutes before this event)
Brand: google
Charging: true
connection_type: wifi
External Free Storage: 1019.9 MiB
External Storage Size: 1020.0 MiB
Family: Nexus
Free Memory: 696.3 MiB
Free Storage: 5.0 GiB
id: a147386828b34af6acd9aa5869a96d3f
locale: en_US
Low Memory: false
Manufacturer: LGE
Memory Size: 1.9 GiB
Model: Nexus 5X (OSM1.180201.031)
Model Id: OSM1.180201.031
Name: Nexus 5X
Online: true
Orientation: portrait
Processor Count: 4
Processor Frequency (MHz): 0
Screen Density: 2.5
Screen DPI: 400
Screen Height Pixels: 2100
Screen Resolution: null
Screen Width Pixels: 1080
Simulator: false
Storage Size: 5.8 GiB
timezone: Europe/Bucharest

Another, different one:

Operating System
Build: sdk_gphone64_arm64-userdebug 13 TE1A.240213.009 12342917 dev-keys
Kernel Version: 5.15.119-android13-8-00034-gd34029c8258b-ab10871489
Name: Android
Rooted: no
Version: 13

Device
archs: [x86, armeabi-v7a, armeabi]
Battery Level: 100%
Battery Temperature (°C): 25
Boot Time: 2025-07-09T12:01:20.452Z (19 minutes before this event)
Brand: Xperia
Charging: false
External Free Storage: 509.9 MiB
External Storage Size: 510.0 MiB
Family: C1505
Free Memory: 527.4 MiB
Free Storage: 536.8 MiB
id: ...
locale: en_US
Low Memory: false
Manufacturer: Sony
Memory Size: 1.5 GiB
Model: C1505 (11.3.A.2.13)
Model Id: 11.3.A.2.13
Name: Xperia E
Online: true
Orientation: portrait
Screen Density: 3.5
Screen DPI: 560
Screen Height Pixels: 2621
Screen Resolution: null
Screen Width Pixels: 1440
Simulator: true
Storage Size: 774.9 MiB
timezone: Asia/Kolkata

lwld avatar Jul 16 '25 18:07 lwld

I get this as a crash report from a Romanian ip address, while we generally have no Romanian users and our app is not interesting to Romanians.

I go with @JayShortway and think this is some hacking attempt.

pelag0s avatar Jul 30 '25 07:07 pelag0s

Thanks for sharing everyone! It would be interesting to see if these crash reports are coming from re-signed APKs. If so, it's clear that tampering is going on. (If not, there are still other tampering tactics that could be used.)

You can get the signing certificate fingerprint like so:

import android.content.Context
import android.content.pm.PackageManager
import android.os.Build
import java.security.MessageDigest
import java.util.Locale

public fun Context.signingCertificateFingerprint(): String {
    @Suppress("DEPRECATION")
    val signatures = if (Build.VERSION.SDK_INT >= 28) packageManager
        .getPackageInfo(packageName, PackageManager.GET_SIGNING_CERTIFICATES)
        .signingInfo
        ?.apkContentsSigners ?: error("No signing info found")
    else packageManager
        .getPackageInfo(packageName, PackageManager.GET_SIGNATURES)
        .signatures ?: error("No signatures found")

    val certBytes = signatures.first().toByteArray()
    // If you're interested, you can decode a lot more info from the cert like so:
    // val cert = CertificateFactory.getInstance("X.509")
    //     .generateCertificate(ByteArrayInputStream(certBytes)) as X509Certificate

    // SHA-256 over the DER-encoded certificate, rendered as colon-separated uppercase hex.
    val digest = MessageDigest
        .getInstance("SHA-256")
        .apply { update(certBytes) }
        .digest()

    return digest.joinToString(separator = ":") {
        String.format(Locale.US, "%02X", it)
    }
}

You could then add this fingerprint to your crash reports using custom keys, and compare the ones you see in this crash report with the legit fingerprint (e.g. from other crash reports).

JayShortway avatar Jul 30 '25 10:07 JayShortway

Just adding that this is not a device with a custom ROM we are talking about, but an emulator build of Android 8.1.

djmaze avatar Jul 30 '25 20:07 djmaze

I forgot to mention that the error was reported very soon after we released a new version on the Play store, and we even had a report for a superseded build which was only available on the store for a few hours. There was exactly one occurrence for each build (until now). It seems to me that there is an automated process going on.

pelag0s avatar Jul 30 '25 20:07 pelag0s

Thanks for sharing everyone! It would be interesting to see if these crash reports are coming from re-signed APKs. If so, it's clear that tampering is going on. (If not, there are still other tampering tactics that could be used.)

You could then add this fingerprint to your crash reports using custom keys, and compare the ones you see in this crash report with the legit fingerprint (e.g. from other crash reports).

Did this and just got the first such crash again. Certificate fingerprint on the crash matches all other error logs from various devices (including my own).

So not a re-signed APK in our case.

lwld avatar Jul 31 '25 14:07 lwld

@lwld Thanks for doing that, very interesting! Seems like a different tactic is being used. Inspeckage claims to be able to start unexported Activities, although there's no evidence of Xposed in the stack trace in the first post. Still, the fact that this happens on a custom ROM gives basically unlimited possibilities. The export-flag enforcement could have been patched out entirely, for instance.

JayShortway avatar Aug 01 '25 08:08 JayShortway

I’m also encountering this issue. 3 crashes from the same user.

2 crashes occurred on an older version that was part of an open testing track (no longer active). 1 crash happened on the latest production build.

Also getting a crash from device Nexus 5X, Android 13, on every one of my apps after I promote from open testing to production.

I am using KMP SDK

Image

Atif-09 avatar Aug 03 '25 10:08 Atif-09

I am having same issue as Atif-09

KMP -> 2.0.1+16.0.2

What I thought was worth pointing out: both are on OnePlus8Pro.

I had crashes on a build number that I never ended up pushing live but did submit for review, and I don't have this device, so putting 2+2 together I think this is happening as part of Google Play pre-release checks. I also think in the last month Google started using emulators for pre-release.

Image

Stuart-campbell avatar Aug 05 '25 07:08 Stuart-campbell

Thanks for pointing it out @Stuart-campbell

That could be the reason, but I got these crashes a week after the release, and that particular track is paused so I’m a bit confused.

Atif-09 avatar Aug 05 '25 14:08 Atif-09

Image

I'm having the same issue as well. Our app is currently in closed testing and hasn't been released to production yet. This error is coming from the latest release build, which I published a few days ago.

x86xFX avatar Aug 06 '25 00:08 x86xFX

I'm getting the same issue today with Flutter app, the log:

Fatal Exception: java.lang.RuntimeException
Unable to start activity ComponentInfo{com.company.app/com.android.billingclient.api.ProxyBillingActivity}: java.lang.NullPointerException: Attempt to invoke virtual method 'android.content.IntentSender android.app.PendingIntent.getIntentSender()' on a null object reference

Device: OnePlus 8 Pro, Android 11

tran-huy-phuc avatar Aug 07 '25 08:08 tran-huy-phuc

We are also seeing this crash in production, with an identical stack trace (NullPointerException in ProxyBillingActivity.onCreate when calling PendingIntent.getIntentSender()).

Context of our case

  • It occurred right when the app was opened, before any of our own screens or any purchase flow was started.
  • There are no navigation records or IAP events before the crash in our analytics.
  • Device: OnePlus 8 Pro
  • Android: 11 (non-rooted)
  • Symptom: the Billing Activity is started without a valid PendingIntent → getIntentSender() on a null object.

Hypotheses

  1. A residual/replayed Intent from the Play Store (or from another app) trying to reopen an old result, with an expired or invalidated PendingIntent.
  2. Direct launch of ProxyBillingActivity via automation/ADB or a modified APK
    (suspected because there is no navigation event in the app before the crash).

FCalvesCodes avatar Aug 12 '25 13:08 FCalvesCodes

Have the same crash immediately after sending app to review. It looks like google robots launch all activities declared in manifest.

vlad-bursov avatar Aug 15 '25 08:08 vlad-bursov

Getting the same issue on a Pixel 6a (Android 14) device in an RN prod application.

aadityapaliwal94 avatar Aug 23 '25 10:08 aadityapaliwal94

So is there a solution here? My app won't get through the Google tests at the moment.

sashapp avatar Sep 04 '25 15:09 sashapp

Reopening issue. It was closed due to a failing automation. Sorry about that.

vegaro avatar Sep 22 '25 07:09 vegaro

Hi all, just wanted to clarify that this issue is not caused by RevenueCat. There is no RevenueCat code in the stack trace. Nevertheless, we've added a page to our docs explaining what (we think) is going on.

TL;DR:

Cause: The crash is caused because Play Billing Library's ProxyBillingActivity is being launched in an unsupported way, and the current hypothesis is that some automated process (Google's app review or pre-launch report?) is doing this.

Advice: There's not much anyone (other than whoever owns the automated process) can do about this. We'd advise to silence this error in your crash reporting tool (Crashlytics, Sentry), as there's no evidence that actual users are experiencing this.

JayShortway avatar Sep 24 '25 13:09 JayShortway
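
The fingerprint comparison suggested earlier in the thread and the silencing advice above can be combined into one triage rule over exported crash events. This is an added example, not code from RevenueCat or any commenter. The event field names, the `signing_cert_sha256` tag key, the breadcrumb names and the placeholder fingerprint are assumptions to adapt to your own crash-report export.

```python
# Added example: field names ("message", "frames", "tags", "breadcrumbs") and the
# tag key "signing_cert_sha256" are assumptions about your crash-report export.

NPE_MARKER = "android.app.PendingIntent.getIntentSender()"
TOP_FRAME = "com.android.billingclient.api.ProxyBillingActivity.onCreate"
IAP_BREADCRUMBS = {"purchase_started", "paywall_shown"}  # hypothetical names

# Constructed placeholder, not a real certificate fingerprint.
LEGIT_FP = ":".join(["AB"] * 32)


def normalize(fp):
    """Compare fingerprints regardless of case and ':' separators."""
    return fp.replace(":", "").strip().upper()


def matches_signature(event):
    """True when the NPE message and the top stack frame match this thread's crash."""
    frames = event.get("frames") or []
    return (NPE_MARKER in event.get("message", "")
            and bool(frames) and frames[0].startswith(TOP_FRAME))


def triage(event, legit_fp=LEGIT_FP):
    if not matches_signature(event):
        return "keep"
    # A real purchase flow before the crash means a user may be affected: never mute.
    if IAP_BREADCRUMBS & set(event.get("breadcrumbs") or []):
        return "keep:purchase-flow-seen"
    fp = (event.get("tags") or {}).get("signing_cert_sha256")
    if not fp:
        return "keep:no-fingerprint"
    if normalize(fp) != normalize(legit_fp):
        return "investigate:re-signed-apk"
    return "mute:direct-launch"


MSG = ("Unable to start activity ComponentInfo{com.company.app/"
       "com.android.billingclient.api.ProxyBillingActivity}: "
       "java.lang.NullPointerException: Attempt to invoke virtual method "
       "'android.content.IntentSender android.app.PendingIntent.getIntentSender()'"
       " on a null object reference")
FRAME = TOP_FRAME + " (com.android.billingclient:billing@@7.0.0:14)"

# Constructed sample events, one per triage outcome.
SAMPLES = [
    {"message": MSG, "frames": [FRAME], "tags": {"signing_cert_sha256": "ab" * 32}},
    {"message": MSG, "frames": [FRAME], "tags": {"signing_cert_sha256": "cd" * 32}},
    {"message": MSG, "frames": [FRAME], "breadcrumbs": ["purchase_started"],
     "tags": {"signing_cert_sha256": LEGIT_FP}},
    {"message": "java.lang.IllegalStateException", "frames": ["com.company.app.Main.onCreate"]},
]
```

Only the `mute:direct-launch` bucket is a candidate for silencing; a mismatching fingerprint or a preceding purchase breadcrumb keeps the event visible.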

@vini2001 Interesting, were you able to find reproduction steps?

JayShortway avatar Oct 08 '25 09:10 JayShortway

I've been facing a few of these errors in Firebase Crashlytics & I'm not using RevenueCat for IAP.

It's for certain that this issue is not from RevenueCat.

More likely it's from Play Store side doing some automated tests that's triggering the issue.

Device
Brand:Google
Model:Nexus 5X
Orientation:Portrait
RAM free: 821.23 MB
Disk free: 4.95 GB
Operating System
Version:Android 13
Orientation:Portrait
Rooted: No
Crash
Date:Oct 15, 2025, 2:36:59 PM
App version:0.6.3 (15)
Image

bijaykumarpun avatar Oct 15 '25 13:10 bijaykumarpun