1

The receipt validation in my app started breaking recently. Apparently, in the last 2-3 weeks Apple has changed the version number of the In-App Purchase receipt from 2 to 3.

When examining the signature struct:

struct signature_blob {
    uint8_t version;
    uint8_t signature[128];
    uint32_t cert_len;
    uint8_t certificate[];
} *signature_blob_ptr = (struct signature_blob *)signature_bytes;

…where signature_bytes is the Base64-decoded value of the signature string from the JSON blob from the transactionReceipt (deprecated as of iOS 7) the SKPaymentTransaction object.

…I had hard-coded a check for version == 2. Now I am seeing a value of 3.

After a couple years in the App Store, in the last 2-3 weeks our app began getting user reports of new purchases and “Restore” purchases failing to activate our app’s content. So I assume this is a recent change on Apple’s part.

Can anyone confirm Apple made a change? Provide further details? Perhaps point me to documentation about this new version of purchase receipts?

Basil Bourque
  • 303,325
  • 100
  • 852
  • 1,154
  • Hey, when this list is correct the last changes were 3 month ago. https://developer.apple.com/library/ios/documentation/StoreKit/Reference/SKPaymentRequest_Class/RevisionHistory.html#//apple_ref/doc/uid/TP40008255-CH99-SW1 – LoVo Jun 04 '16 at 13:04

1 Answers1

3

Yes, Apple introduced the version 3 signature some time in early April. I haven't found any documentation or change log, but this is understandable since transactionReceipt is deprecated.

The difference in version 3 is the signature length, it's now 256 bits instead of 128 and it's signed with the latest Apple Inc. Root Certificate.

Marc Greenstock
  • 11,278
  • 4
  • 30
  • 54