Dominik successfully exploited two bugs in Google Play In-App Billing Library, which allow an attacker to impersonate the Google Play billing service and circumvent the signature verification. He was able to retrieve unlimited amounts of in-app items in games like Temple Run 2, which uses this library.
Read more here – http://sufficientlysecure.org/index.php/2013/10/29/google-play-billing-hacked/