3

I want to validate my in app purchases using server side. So I use the following code:

- (void)paymentQueue:(SKPaymentQueue *)queue updatedTransactions:(NSArray *)transactions
{
    for (SKPaymentTransaction * transaction in transactions) {

        switch (transaction.transactionState)
        {
            case SKPaymentTransactionStatePurchased:
            {
                NSData *reciptData = [NSData dataWithContentsOfURL:[[NSBundle mainBundle] appStoreReceiptURL]];
                if(reciptData) {
                    NSDictionary *parameters = @{@"receipt_data" : [reciptData base64EncodedStringWithOptions:0]};//App crashes here -[__NSPlaceholderDictionary initWithObjects:forKeys:count:]: attempt to insert nil object from objects[0]
                }
            }
                break;

            default:
                break;
        }
    };
}

The weirdest thing is that application crashes on one iPad with iOS 8.0.2 and does not crash on other with the same iOS version.

The worst thing is that I do not have access to device on which application crashes.

As far as I understand - base64EncodedStringWithOptions: returns nil but I don't know why.

Can anyone help me?

Sviatoslav Yakymiv
  • 7,887
  • 2
  • 23
  • 43

1 Answers1

0

I have seen this empty receipt issue before where devices are running some form of in-app purchase cracking program such as "IAP Free" or "IAP Cracker" which implies the device has been jailbroken and an in-app purchase cracking tool has been installed. I would make sure the device where the application crashes is not running some form of in-app purchase cracking tool. The other thing you can do is ignore an empty receipt - but don't return any goods to avoid the crash or return a good that is only available locally. This depends on how you want to react to someone cracking in-app purchases - sometimes it's good to pretend it all works locally but limit features from your server.

abdollar
  • 3,365
  • 1
  • 18
  • 23
  • Thanks for your response. But application was running on my device and it's not jailbroken. If I don't unlock functionality then my user just lose his money, but if I unlock it then why should I use validation? – Sviatoslav Yakymiv Oct 21 '14 at 14:05
  • In general, I would recommend unlocking the item even if the decoding fails - don't crash - as in let a hacker/bug obtain the virtual good. However, if something is stored on a server and needs to be validated - then it should fail validation on the server or don't bother passing it to your server – abdollar Oct 21 '14 at 18:16
  • It's related to server side functionality and I do not pass it to server in this case. But what is the reason of empty receipt and how can I avoid it? – Sviatoslav Yakymiv Oct 21 '14 at 19:18
  • From my experience, I have often attributed empty receipts to hacking. Either through MITM attack or a cracking program. It's possible apple's servers might send a bad receipt back to the phone - I'm not sure why that happens. – abdollar Oct 22 '14 at 04:52