I agree that the use protocol buffer and x509 by BIP70 is a poor choice.

The choice should have been done to maximize portability, not to maximize
efficiency and flexibility.

What I ended up doing for having a similar codebase on all plateform is to
parse a BIP70 messages with the help of a web service that convert it to
JSON.
I don't like this solution since it had a trust dependency, and the
certificate verification become handled by the web service, not the device.
But even if I solved google buffer problem, I would stumble upon having
headache to validate the x509 certificate chain on every plateforms.

A simple BIP70 using JSON + HTTPS would have make things more easy.
I agree that it requires that the merchant own the domain name of the BIP70
endpoint, but I don't consider such a big of a deal, since this is how
e-commerce works.