0

Apple's Receipt Validation Programming Guide suggests testing for the existence of the app's receipt at the earliest point in the app's launch:

Implement this check in the main function, before the NSApplicationMain function is called.

They say:

If no receipt is present, validation fails.

But Apple neglects to say how this validation failure should be handled.

This Question, call exit(0) in iphone app, says that an iOS app should not be exited programmatically.

So what should I do if the app has no receipt? Catch-22… Apple says to make the check before presenting any UI but also says to never quit the app without a UI.

To address the vote-to-close… My question is:

  • What are my technical options for how to "not run" my iOS app?
  • What are my technical risks given that Apple specifically recommends testing for a missing receipt before generating any UI?
Community
  • 1
  • 1
Basil Bourque
  • 303,325
  • 100
  • 852
  • 1,154
  • For iOS receipt validation is for in app purchases. If the receipt isn't present disable all in app purchase content. ( Also try to refresh the receipt as well ) – David Zech May 23 '14 at 22:31
  • @Nighthawk441 The receipt is not just for IAP. It can be used to verify the app was properly purchased. – rmaddy May 23 '14 at 22:43
  • What you if there is no valid receipt is 1) make a request for one. 2) If all of that fails, then what you do is up to you. You can do nothing and let the user run the app. You can cripple the app, you can show an alert, whatever you feel like doing. – rmaddy May 23 '14 at 22:44
  • @rmaddy I thought that was only for OS X apps. Was this a recent addition? I always had cryptid checks for my stuff a long time ago. – David Zech May 23 '14 at 22:45
  • @Nighthawk441 As of iOS 7 there is much better receipt validation. You can verify the actual app purchase, when it was purchased, what the original app version was, and of course all of the IAPs. – rmaddy May 23 '14 at 22:48
  • My question is not about an *invalid* receipt, but rather a *missing* receipt. My reading of Apple's guide implies that every iOS app (at least iOS 7 and later) should have a receipt. A missing receipt means some funny business by the user/hacker. But Apple's doc is not clear about whether an app can have a missing receipt under normal (non-hacker) conditions. If a missing receipt means we are sure we have a hacker on our hands, then what should be our response with the app? Perhaps just display a dialog with a single button "Quit", or just a UIWebView with a little HTML message? – Basil Bourque May 23 '14 at 23:30
  • @BasilBourque If it's missing I'd try refreshing it as suggested in the API. If that fails, perhaps continue operating anyway or suggest a reinstall prompt. Be careful with the latter option because there's always a chance legit users will be affected. TL;DR don't just crash the app or try to defeat hackers. It's a game you can never win. – David Zech May 23 '14 at 23:38
  • @Nighthawk441 You may be misreading the Apple guide, as the guide is not clearly written. I read it as saying to refresh an *invalid* receipt, not a *missing* receipt. – Basil Bourque May 23 '14 at 23:39
  • "The SKReceiptRefreshRequest class allows an app to refresh its receipt. With this API, the app can request a new receipt if the receipt is invalid or missing." – David Zech May 23 '14 at 23:40
  • @Nighthawk441 Thank you for that [quote from Apple doc](https://developer.apple.com/library/ios/documentation/StoreKit/Reference/SKReceiptRefreshRequest_ClassRef/SKReceiptRefreshRequest.html), that's helpful. So what is the Apple's point in running the receipt validation in the app's `main` method before UI construction? – Basil Bourque May 23 '14 at 23:42
  • 1
    @BasilBourque that guide is poorly written and seems to be a large copy paste from the OS X guide for receipt validation. For Mac App Store apps you would normally check receipt and exit(173) if it failed. – David Zech May 23 '14 at 23:44

0 Answers0