Non-renewing subscription confusion

Question

It's well documented that it's up to the developer to enable the user to use the non-renewing subscription on all devices. Whether it's done through a login/password or a code (as has been suggested on SO), why question is this: what prevents a single user from sharing these credentials with the entire world? Or is this in conjunction with some other data (such as "restore transaction".

Thanks!

Sam

Answer 1

To answer your questions:

1. What prevents a single user from sharing these credentials with the entire world?
2. (In your comment) How do I make sure that it's the same human being and not someone he shared his app-specific otherwise-insignificant password?

I would suggest taking a look at Ray Wenderlich's tutorial, In-App Purchases: Non-Renewing Subscription Tutorial.

In this tutorial, it states:

You’re also required to make the subscription available to any device owned by the user. There are generally two feasible options you can use to accommodate this requirement:

iCloud. Since the user’s iCloud account is exclusive to them, but shared across their devices, this is a simple and effective option. However, if your app is cross-platform, or has an companion web app, this won’t be the best choice since iCloud is restricted to iOS devices.

Backend as a service, or BaaS. By requiring a user to create an account in order to subscribe, you can store any necessary data, such as the subscription expiry date, against their account on the server. This method will allow you to share a subscription across all platforms, simply by requiring a user to log in.

I think the iCloud approach is what you are looking for. It is not app-specific, and the user is unlikely to share their iCloud credentials with a lot of people.