by necrecious 5083 days ago
This has been out in the wild for a while now. I first noticed it when I added IAP to my application.

My app will call on our server to verify receipt and I was getting bogus receipts that actually caused that part of the code to crash.

Apple's receipts are proper json objects and what I was getting was this string "com.urus.iap.30297356." The last part keeps changing, so I am guessing the developer actually tracks usage.

So the moral is to always verify your receipts and don't deliver content unless the receipt is valid.

But most developers won't have resources to do this and creating a general service for them would be too much custom work. I think SDK platforms should have this capability built in. Pay $10/mo and we'll verify your receipt and return a file based on the IAP product id.

1 comments
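The failure described in the post above is a server that assumed every "receipt" it received was a JSON object, so an opaque string like the one quoted crashed the verification code path and, depending on how the crash was handled, could have let content through. The following added example (not code from the post or from Apple) shows the shape of a server-side gate that never lets an unverified receipt reach a parser it can crash: decode strictly, hand the bytes to a verifier, then check status, product id and replay before delivering. The `fake_app_store_verifier` is a constructed stand-in for an HTTPS call to Apple's verifyReceipt endpoint; `PurchaseGate`, `make_receipt`, and the product and transaction ids are invented for illustration. Status code 21002 is Apple's documented value for malformed receipt data; nothing else here is an Apple identifier.

```python
import base64
import binascii
import json
from dataclasses import dataclass
from typing import Callable, Dict, Optional, Set

# 0 is the success status of Apple's verifyReceipt response; 21002 is its documented
# "receipt-data malformed or missing" status. Everything else in this file is a
# constructed stand-in for illustration.
STATUS_OK = 0
STATUS_MALFORMED = 21002


@dataclass
class Verdict:
    ok: bool
    reason: str
    product_id: Optional[str] = None
    transaction_id: Optional[str] = None


def decode_receipt_data(receipt_data: object) -> Optional[bytes]:
    """Return the decoded receipt bytes, or None when the client sent something that
    cannot be a receipt at all (wrong type, empty, or not strict base64)."""
    if not isinstance(receipt_data, str) or not receipt_data:
        return None
    try:
        # validate=True rejects any character outside the base64 alphabet instead of
        # silently discarding it, which is how "com.urus.iap.30297356." gets caught.
        return base64.b64decode(receipt_data, validate=True)
    except (binascii.Error, ValueError):
        return None


Verifier = Callable[[bytes], Dict]


def fake_app_store_verifier(receipt: bytes) -> Dict:
    """Constructed stand-in for the verifyReceipt call. It accepts a JSON object with
    product_id and transaction_id and answers in a {"status": ..., "receipt": {...}}
    shape; anything else is reported as malformed, as the real service would."""
    try:
        body = json.loads(receipt.decode("utf-8"))
    except (UnicodeDecodeError, json.JSONDecodeError):
        return {"status": STATUS_MALFORMED}
    if not isinstance(body, dict) or "product_id" not in body or "transaction_id" not in body:
        return {"status": STATUS_MALFORMED}
    return {"status": STATUS_OK, "receipt": body}


class PurchaseGate:
    """Decides whether IAP content may be delivered. Remembers redeemed transaction
    ids so a single genuine receipt cannot be replayed for repeated deliveries."""

    def __init__(self, verifier: Verifier) -> None:
        self._verify = verifier
        self._redeemed: Set[str] = set()

    def check(self, receipt_data: object, expected_product_id: str) -> Verdict:
        raw = decode_receipt_data(receipt_data)
        if raw is None:
            # Bogus receipts are refused here, before any parser can crash on them.
            return Verdict(False, "not_a_receipt")
        response = self._verify(raw)
        if response.get("status") != STATUS_OK:
            return Verdict(False, f"verifier_status_{response.get('status')}")
        receipt = response.get("receipt") or {}
        product_id = receipt.get("product_id")
        transaction_id = receipt.get("transaction_id")
        if product_id != expected_product_id:
            # A genuine receipt for a cheaper product must not unlock this one.
            return Verdict(False, "product_mismatch", product_id, transaction_id)
        if not transaction_id or transaction_id in self._redeemed:
            return Verdict(False, "replayed", product_id, transaction_id)
        self._redeemed.add(transaction_id)
        return Verdict(True, "verified", product_id, transaction_id)


def make_receipt(product_id: str, transaction_id: str) -> str:
    """Build a constructed base64 receipt that the fake verifier understands."""
    body = json.dumps({"product_id": product_id, "transaction_id": transaction_id})
    return base64.b64encode(body.encode("utf-8")).decode("ascii")


if __name__ == "__main__":
    gate = PurchaseGate(fake_app_store_verifier)
    good = make_receipt("com.example.coins100", "txn-0001")
    print(gate.check(good, "com.example.coins100"))                      # verified
    print(gate.check(good, "com.example.coins100"))                      # replayed
    print(gate.check("com.urus.iap.30297356.", "com.example.coins100"))  # not_a_receipt
```

The design point is that every rejection is a returned `Verdict`, never an exception: a crash in the receipt path is itself a signal worth logging, but it should not be the mechanism that decides whether content ships. In a real deployment the verifier would be the HTTPS call to Apple, and the redeemed-transaction set would live in the database rather than in memory.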

Different thing. com.uris requires a jailbreak. There's a few others out there, as well. I see a number of different styles of invalid ids.