Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Store hack #66

Closed
Esqarrouth opened this issue Aug 9, 2016 · 3 comments
Closed

Store hack #66

Esqarrouth opened this issue Aug 9, 2016 · 3 comments
Labels
area: receipt-validation validating receipts for customer or purchase verification type: question

Comments

@Esqarrouth
Copy link

http://blog.gameanalytics.com/blog/how-to-detect-and-prevent-in-app-purchase-hacks.html

Something similar happened to me, a user apparently bought like 200 purchases in 10 minutes and I don't see that money in itunes connect.

        func alertForPurchaseResult(result: SwiftyStoreKit.PurchaseResult) -> UIAlertController {
            switch result {
            case .Success(let productId):
                    //got in there

Why is this happening? How can we fix this issue?

@tosbaha
Copy link

tosbaha commented Aug 11, 2016

You should do what is called receipt validation. I suggest you do the verification on server side. Since some hacks also allows bypassing local verification. In order to verify receipt on server, you send your receipt in base64encoded to apple servers and check the result for

  • Correct server response
  • Your bundleId
  • Your in_app array
    • Is it empty?
    • Does it have the values user bought

Good luck. Kolay gelsin 👍 Bir Türke yardımımız dokunduysa ne mutlu bize :)

@Esqarrouth
Copy link
Author

Thanks, I expected something like this to be done in Apple's frameworks automatically.

@bizz84 bizz84 added type: question area: receipt-validation validating receipts for customer or purchase verification labels Nov 5, 2016
@bizz84
Copy link
Owner

bizz84 commented Feb 20, 2017

Local receipt verification is being tracked here: #101

Closing this issue for now. @goktugyil If needed, feel free to reopen.

@bizz84 bizz84 closed this as completed Feb 20, 2017
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
area: receipt-validation validating receipts for customer or purchase verification type: question
Projects
None yet
Development

No branches or pull requests

3 participants