After updating UnityIAP to the latest version (1.9.0), we started to receive warnings from GooglePlay about a security error in the onReceivedSslError implementation. Your app is using an unsafe implementation of WebViewClient.onReceivedSslError handler. Please see this Google Help Center article for details, including the deadline for fixing the vulnerability. Vulnerable classes: com.cm.androidforunity.WebActivity$3 After looking at the UnityIAP files, it looks like the class causing the issue is in the CloodMoolah aar plugin.(Assets\Plugins\UnityPurchasing\Bin\Android\CloodMoolah.aar) Since GooglePlay will stop accepting APK with this security issue starting from November 25, is it safe to disable this plugin when targetting GooglePlay store, or should we revert the UnityIAP version / wait for a fix? Edit: After reselecting Google Play in the UnityIAP menu, it disabled the plugin. Which means it was enabled by default after we updated UnityIAP.