0

I'm developing an app that uses newsstand for subscription purchase. Is it an Apple approval requirement that the IAP uses server receipt verification?

It is possible to implement IAP in apps without using a server to verify receipts. I'm just wondering whether it's possible to take this approach with newsstand apps (I understand that doing so loses some level of security, but it also reduces complexity).

Phil John
  • 1,225
  • 1
  • 15
  • 24
  • The is the recommended way of verifying receipt. I am sure you are aware of problems (mainly security) of doing it from device. I don't think it is Apple's approval requirement. – msk Aug 21 '12 at 08:10
  • If I understand the recent problems correctly, the main vulnerability of IAP as a result of the Russian hack is between the device and Apple, so it's even more insecure at the moment. However, if they fix it and improve the security for this direct exchange perhaps the additional server will become less of a requirement? – Phil John Aug 21 '12 at 09:29
  • 1
    even then your server will always remain more secure than the device. – msk Aug 21 '12 at 09:52

1 Answers1

0

The simple answer is that it's not an approval requirement, but as MSK says. it is recommended. I decided to go with server verification which is not too much trouble anyway. However, if you're interested, here's an example of verification being done from the app itself. http://www.viggiosoft.com/blog/blog/2011/10/29/at-newsstand-and-subscriptions

Phil John
  • 1,225
  • 1
  • 15
  • 24