23

I mean, should my steps be?

1) Get SKPaymentTransactionStatePurchased

2) Remove it from SKPaymentQueue and provide the content by [[SKPaymentQueue defaultQueue] finishTransaction: transaction];

3) Validate the receipt and then, if it's invalid, block the content i've just provided

Or should i change 2nd step to 3rd instead?

1) Get SKPaymentTransactionStatePurchased

2) Validate the receipt and then, if it's invalid, dont't provide content

3) Remove it from SKPaymentQueue anyway [[SKPaymentQueue defaultQueue] finishTransaction: transaction];

In first scenario user can turn the internet off right after the purchase, so i won't be able to validate the receipt. But in the second, there may occure some problems with internet between step 1 and 2, so i won't finish the transaction and won't provide the content, that would be a bad user experience.

So what way did you choose for your app and why?

My Choice

I've choosen the second scenario, since choosing the first one makes my app be easily cracked by iAP Cracker.

Community
  • 1
  • 1
Nikita Pestrov
  • 5,876
  • 4
  • 31
  • 66
  • I'm also interesting in the answer to this. I'm currently doing your first approach since it's a better user experience and it's still hard to abuse (I keep trying to validate the receipt in the background) – Joris Weimar Apr 22 '12 at 16:40
  • I've also decided to choose that one for my app – Nikita Pestrov Apr 22 '12 at 16:53
  • Do you determine whether to download the content (valid receipt) or not (invalid receipt) from within app code? If so, the only need to change 'if(valid)' into 'if(1)'. See my answer. – Nicolas Miari Jul 15 '12 at 10:48
  • I grt the response from server and then determine that, yes – Nikita Pestrov Jul 15 '12 at 11:48

3 Answers3

11

Scenario 2. If the internet blows up, you won't get to -finishTransaction. But that's cool, cause you can retry (NSTimer) and your app will be given the unfinished transaction on start up. And that's exactly how StoreKit is designed to work (even though it's not obvious from reading the docs).

StoreKit comes with transactions, for a good reason. The user can simply quit the app right after purchasing, and you still have to recover from that. And that's why Apple recommends to set your transaction observer as soon as possible in the app lifecycle.

Don't ever finish the transaction before providing the content, you'll have to implement your own transaction system on top of StoreKit, and you don't want to do that, believe me (I've seen it done, it was a disaster).

Edit: in all honesty, the eventually of a user turning the internet off after purchase and before you validate is ridiculously low. The guy was on they internet a second ago, nobody just goes out to cut the internet in the middle of a purchase. But it's possible that the user gets interrupted at that the moment and send your app to the background. Your app can then get killed for whatever reason iOS deems appropriate. And when you're apps starts again, well your app won't remember having a purchase to start with, and store kit won't be of big help, since you've already finished the transaction.

kra
  • 214
  • 2
  • 9
  • Yes, i move to this scenario after i saw,that my app could be easily cracked by iAP cracker. And, yes,cof course i add the observer in didFinishLaunching)Thank you for your answer! – Nikita Pestrov Jul 15 '12 at 07:25
6

This is what I do:

  1. App sends a request for the downloadable content, with receipt attached as an argument.

  2. The server validates the receipt with iTunes, and if it is valid, it returns the purchased content as the response body to the original request.

This way, even if the app binary is hacked/modified, the content is downloaded only against a valid receipt (because no modifications made on the client app can possibly interfere between my sever and Apple’s).

Nicolas Miari
  • 16,006
  • 8
  • 81
  • 189
1

I'd verify first. It takes 2-3 seconds. You can use ReceiptKit https://github.com/maciekish/ReceiptKit for this purpose.

Maciej Swic
  • 11,139
  • 8
  • 52
  • 68
  • 1
    How does ReceiptKit help to validate your receipt without validation on your controlled server environment? Seems like pretty easy to hack, isn't it? – Angel G. Olloqui Jun 25 '13 at 07:38