I'm trying to implement in-app billing, where the only thing my app sells is a monthly subscription. I've gone pretty much copied the Dungeons example that Android provides and it works, but it seems overly complicated for the one thing I have to sell (and I know I shouldn't be copying it anyway).

The Dungeons example has a PurchaseDatabase class that keeps track of all of the user's purchases. Since there is only one purchase in my app, rather than having a database, it seems like it would make more sense to just have something like a SharedPreference/boolean "isPurchased" and update/check for that when I start up the app... Now I don't really know much about security, but that just seems to ring warning bells and would probably be very hackable.

So, how should I store/restore this one piece of data? What do I need to save and keep track of, anyway?

Edit: Found this In-app billing. How to store information that user has paid? . It would seem that I should use a SharedPreference, but this question still stands: do I just save a boolean "isPurchased" or should I keep track of orderId, developerPayload, etc?

If you just save a flag in shared preferences, any user with a rooted device can flip the flag at will and be 'subscribed' without paying. So you should at least do some obfuscation. Here's a sample way to do it. Additionally, there is an API to check for subscription state, so you should check periodically to make sure the subscription is valid.