[physcab]

Awesome, in theory this is how it should work. I'm actually more curious as to how you handle it practically though. Because for us, validating the receipt from Apple takes time, so if you are first making a request to Parse and then Parse has to make a request to Apple, the added latency poses a real threat to the user cancelling the transaction, especially on a mobile device with a crappy connection. This is why I see server-side validation as non-ideal. But such is the state of mobile development.

[idunno246]

Most of the jail broken cracks are trivial to detect client side. Otherwise... They aren't going to pay anyway, might as well make the experience better for payers and not block on validation( but still track invalid transactions). And besides, if they're willing to install a hackers DNS server and ssl cert, they won't have money for long.

[physcab]

I agree. The hackers will only be a small percentage of your user base (guessing <=5%), if you have a problem at all. This issue is more problematic if you track revenue metrics, and so JB users may inflate your numbers considerably, if you're not cognizant.

[pooriaazimi]

> The hackers will only be a small percentage of your user base (guessing <=5%)

Not if you're making a game for teenage boys.