I've start reading about implementing in-app billing in my android app , the documentation says
Protect your Google Play public key
To keep your public key safe from malicious users and hackers, do not
embed it in any code as a literal string. Instead, construct the
string at runtime from pieces or use bit manipulation (for example,
XOR with some other string) to hide the actual key. The key itself is
not secret information, but you do not want to make it easy for a
hacker or malicious user to replace the public key with another key.
so how dangerous it is if the someone else knows the public key , what he can do with it ?
Per the report, Android applications contained thousands of leaked secret authentication keys, which in turn can be used by malicious users to gain unauthorized access to server resources through Amazon Web Services and compromise user accounts on Facebook.