mishimay

Reputation: 4337

Why should I use my own server to validate iOS receipt?

I want to validate iOS receipt.

I thought I would send a receipt to the App Store verification server (https://sandbox.itunes.apple.com/verifyReceipt or https://buy.itunes.apple.com/verifyReceipt).

But Apple reference says:

It is not possible to build a trusted connection between a user’s device and the App Store directly because you don’t control either end of that connection.

And Apple recommends sending a receipt to my server, then sending it to the App Store verification server to validate.

(https://developer.apple.com/library/ios/releasenotes/General/ValidateAppStoreReceipt/Chapters/ValidateRemotely.html#//apple_ref/doc/uid/TP40010573-CH104-SW1)

I don't understand why a connection between a device and the App Store is not trusted regardless of using HTTPS connection.

Upvotes: 2

Views: 1944

Answers (1)

Abhi Beckert

Reputation: 33369

Your app is running on hardware controlled by the user. They have physical access to it, and can do anything they want with it. The operating system doesn't make it easy for a user to mess with things, but it can be done and hackers do it.

You can validate the iOS receipt on the iOS device. But you cannot be sure that the receipt is actually valid. The user could have hacked the device to make you think the receipt is valid.

I don't understand why a connection between a device and the App Store is not trusted regardless of using HTTPS connection.

HTTPS does not protect you from a hacker who has physical control over the iOS device. A hacker can install different SSL keys on the device, allowing it to connect with a different server.

When your app tries to communicate with Apple's server, any network administrator can change it so that some other server is contacted instead of Apple's one. This server would normally be rejected because the SSL key will be untrusted... but if the user controls the device, they can make it trust an invalid SSL key.

Your server, however, is controlled by you. Your customers do not have physical access to it. And therefore your server (hopefully!) cannot be hacked. This means your server can be trusted, unlike the device. When your server establishes an SSL connection to Apple's server, you know you really are talking to Apple's server. Not one that your user installed to bypass in-app purchasing.

So, if the user buys something in your app... you don't want to store the thing being purchased inside the app. You want to store it on a server, and that server only sends the purchased data to the device after it has verified the receipt with Apple's server.

If you don't want to spend money running your own server, then you will simply have to accept that any tech savvy person with a few hours of free time can create fake iOS purchase receipts and convince your device that they are valid.

Upvotes: 7
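The server-side half of the flow the answer describes, as an added example (not code from the question, the answer or Apple): the server forwards the base64 receipt the app uploaded to Apple's verifyReceipt endpoint, retries against sandbox on status 21007, and only then decides which products to unlock. The `post` parameter, the `expected_bundle_id` check and the function names are this example's own assumptions; the endpoint URLs, the `receipt-data`/`password` request fields and the `status`, `receipt.bundle_id` and `receipt.in_app[].product_id` response fields are Apple's.

```python
import json
import urllib.request

# Apple's receipt verification endpoints (the two URLs named in the question).
PRODUCTION_URL = "https://buy.itunes.apple.com/verifyReceipt"
SANDBOX_URL = "https://sandbox.itunes.apple.com/verifyReceipt"

STATUS_OK = 0
STATUS_SANDBOX_RECEIPT = 21007  # a sandbox receipt was sent to the production endpoint


def post_json(url, payload):
    """Send the JSON body to Apple over TLS *from the server* and decode the JSON reply."""
    req = urllib.request.Request(
        url, data=json.dumps(payload).encode("utf-8"),
        headers={"Content-Type": "application/json"})
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.loads(resp.read().decode("utf-8"))


def verify_receipt(receipt_b64, shared_secret=None, post=post_json):
    """Forward the base64 receipt uploaded by the app; never trust a device-side verdict.

    Production is tried first; on status 21007 the same receipt is re-sent to sandbox,
    so one server handles both live and sandbox/TestFlight receipts.
    `post` is injectable (an assumption of this example) so the flow runs offline in tests.
    """
    payload = {"receipt-data": receipt_b64}
    if shared_secret:  # the shared secret is only needed for auto-renewable subscriptions
        payload["password"] = shared_secret
    result = post(PRODUCTION_URL, payload)
    if result.get("status") == STATUS_SANDBOX_RECEIPT:
        result = post(SANDBOX_URL, payload)
    return result


def entitled_products(result, expected_bundle_id):
    """Return the product_ids the server may unlock, or an empty set if anything fails.

    Status 0 alone is not enough: a receipt Apple signed for some *other* app is also
    "valid", so the bundle_id inside the decoded receipt must match this app.
    """
    if result.get("status") != STATUS_OK:
        return set()
    receipt = result.get("receipt", {})
    if receipt.get("bundle_id") != expected_bundle_id:
        return set()
    # In production, also persist each item's transaction_id so one receipt cannot
    # be redeemed again from a second account.
    return {item["product_id"] for item in receipt.get("in_app", [])}
```

The purchased content itself stays on the server and is only returned to the device for the product_ids this function yields.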
