Reputation: 10961
Is it necessary to validate / refresh an app store receipt on launch in iOS?
The Apple docs on receipt validation say to perform receipt validation immediately after launch. This amounts to checking for data at the path returned by [[NSBundle mainBundle] appStoreRecieptURL], refreshing via SKReceiptRefreshRequest if it's not there, and validating it. The aforelinked docs reference both iOS and macOS.
Is it actually necessary on iOS? If so, why? Is it to prevent users from using my app on a jailbroken device, or without having bought it from the app store (in which case I probably don't care if my app is free)? Or does it have implications for other operations like restoring or validating in-app purchases? For example, does the receipt data have to be there already in order to validate a transaction for an in-app purchase?
Note: I am not using in-app subscriptions. I have in-app purchases, but I don't use the receipts from them after verifying them and recording the purchase server-side.
Upvotes: 17
Views: 4774
Answers (5)
Reputation: 4674
It's not necessary, but beneficial for the following reasons:
You'll always get the definite set of purchased products and not require the user to manually restore the products.
You have (limited) fraud protection, especially if you combine local and remote validation.
It's way more simple to compute the expiration date for automatically renewing subscriptions using the recipe.
Upvotes: 0
Reputation: 24041
you don't need to do so, that is optional only and could be done on iOS7+, if you interested in doing that.
briefly, implementing the validation is purely a financial decision, and even if you validate recipes you are recommended not to disable the content in case of failure as the validation could fail in standard environment as well anytime (e.g. in case of no connection), and such overreaction may ruin your consumers' experience.
altogether, doing the validation'd rather make sense on OSX in practice when you are allowed to disable the content in case of failure, regardless the reason; but if you feel you have more consumers than your income suggests or the amount of the stolen content is way beyond your margin, it may be worth to do it on iOS as well.
NOTE: in general you can read more about the technical details of receipt validation in Apple's Documentation.
Upvotes: 14
Reputation: 1340
The simple answer to your question is NO, It is not necessary.
Here is the detailed explanation for you.
- According to Apple Documentation here, apple has given two methods of validating the receipts, they are given it as guidance only to prevent unauthorized copies of your application from running. For more guidance apple has pointed towards the apple review guidelines.
- In the review guidelines here, Apple does not mention anything related to the verification of receipts as mandatory.
If at all the receipt validation is mandatory, Apple would have provided a simple API to validate it.
Titbit: You can see a lot of rejections when it comes to app store receipt validations. But all those issues are because the receipt validation is not done properly.
But my personal recommendations will differ from the above answer. First thing for you to consider is "Never underestimate hackers". Validate the receipts several times apart from the start of the app. Read this article for more information.
Upvotes: 4
Reputation: 2522
You would generally only validate the receipt to prevent piracy by users who haven't bought your app or if you are using auto renewing subscriptions.
Whilst you can interrogate the receipt for IAP information, its actually easier (and required by app review) to give a button somewhere to "restore previous purchases" and call
[[SKPaymentQueue defaultQueue] restoreCompletedTransactions];
It is also a better UX for the user to possibly be prompted for their Apple ID and password having pressed a "restore purchases" button rather than unexplained at app startup.
Upvotes: 3
Reputation: 650
The reasons I would give are:
- The user can change their product if you are using subscription groups from outside of your app.
- An auto-renewing subscription can renew outside of your app.
- The app does not receive transactions initiated outside of the app until the app restarts.
- The user can make purchases on another device using the same appleID whilst outside of your app on the current device.
Within our appDelegate:application didFinishLaunchingWithOptions we initialise a class that calls [[SKPaymentQueue defaultQueue] addTransactionObserver:self]; to monitor for purchases initiated from within the app.
Upvotes: 2
Related Questions
- "The receipt could not be authenticated" - should it be checked again?
- Refreshing iOS app receipt: How to determine if user will need to sign in for app store?
- Do I have to verify the receipt for every SKPaymentTransaction for subscriptions?
- Validate App Store Receipt: Local vs Server
- Why is the Apple AppStore in-app receipt empty on iOS?
- Is the receipt at [NSBundle appStoreReceiptURL] still present after an app update
- When is iOS app receipt not available?
- Does a completely free iOS app need app store receipt validation?
- Verifying a Receipt with the App Store
- Do i need to verify iPhone in app purchase receipt?