4

I am developing cross-platform mobile app and using InAppBiling Plugin for my app's in app purchase feature but I have a question about below scenario on iOS:

Scenario:

  • User A gets the subscription with his app credentials and his Apple ID.
  • User B uses User A's device and login with User B app credentials but uses User A's Apple ID to buy a subscription.

Currently, it allows that User B to purchase this item but it says that there is a subscription with this user and asks for a permission to modify this subscription.

My question is how to prevent User B to modify User A's subscription? I could not find any solution before the receipt creation. I do not want to allow User B that modifies User A's subscription. I want to inform User B about using different Apple ID to continue to buy a subscription.

Thanks in advance

basakes
  • 205
  • 1
  • 3
  • 12

1 Answers1

8

Your question is related to this one

You have to have backend that is your source of truth about subscriptions.

The situation that you have provided would look like this:

  1. User A gets the subscription with his app credentials and his Apple ID.
  2. You send receipt to your backend to validate it as described here
  3. Your server stores information about subscription and link it with user A
  4. User B uses User A's device and login with User B app credentials but uses User A's Apple ID to buy a subscription.
  5. You send that receipt to your backend as in point 2
  6. Your backend responds that this subscription is already connected with user A

Edit:

As mentioned in apple docs:

Send a copy of the receipt to your server along with some kind of credentials or identifier so you can keep track of which receipts belong to a particular user. For example, let users identify themselves to your server with an email or user name, plus a password.

gorzki
  • 433
  • 3
  • 10
  • 1
    So, there is no way to prevent this before going to backend right? I am currently doing backend solution but I wanted to prevent user before going to backend. – basakes May 30 '18 at 04:52
  • @BasakSerit Yes, this is the only way. I have extended the answer with a link to the apple docs mentioning this solution – gorzki May 30 '18 at 07:51
  • Okay, I am currently checking it in the backend, but user A’s subscription is changing with user B’s request and User A charging with this modified subscription. Because there is a valid, updated receipt and this is a problem. – basakes May 30 '18 at 08:35
  • @BasakSerit you should compare [transaction id](https://developer.apple.com/library/content/releasenotes/General/ValidateAppStoreReceipt/Chapters/ReceiptFields.html#//apple_ref/doc/uid/TP40010573-CH106-SW13) – gorzki May 30 '18 at 08:55
  • @MichalGorzalczany, but User B able to update plan for User A because it is valid purchase. How can we restrict before User B initiate the purchase? reference: https://stackoverflow.com/questions/74397944/prevent-same-apple-account-in-auto-renewal-in-app-purchase – nirav Nov 11 '22 at 05:24