I've finished developing my app that uses in app billing v3. My app is an exam help app which has a list of questions which are inserted into a database. The thing that worries me is security as beyond proguard there is pretty much little else. My app queries the inventory for purchased items so storing purchases isn't a problem.
So the first issue is someone could decompile the app (which I've done) and even with proguard you can without too much difficulty retrieve all the questions.
The next thing is the application's public key. This can easily be taken from my app and according to the developers guide, this is something I should keep secure.
However I really don't know how to implement any form of security. Or even how far I should go with security. Without a server, if I'm keeping everything on the device I recognise it won't be perfect (far from it) but I would at least like hackers to be deterred rather than amused.
So essentially the question is:
What type of security should I use and how is it used? Just pointing me to links that go through it step by step so I can understand it would be amazing.
Thank you very much!
Clarification:
There is no server involved. The data is stored in the app. When it the inventory is queried (through the queryinventoryasync method) it returns back if an inventory is bought or not and this runs every time the app launches. In app billing itself I presume is okay, I'm asking more about my own application the application public key - I'm meant to somehow make that harder to copy but currently I have just broken it into 15 strings and I just "add" them to each other on runtime but that's barely any better then just having it as one string. I'd like to encrypt it somehow just don't know how.