Receipt Validation (latest_receipt) and multi-platform services

Originator: olof.thoren
Number: rdar://28864177
Date Originated: 20-Oct-2016 08:10 AM
Status: Closed
Resolved: Yes
Product: iOS SDK
Product Version: 7-10
Classification: Security
Reproducible: Always
 
Summary:
We need to validate renewed auto-renewable subscriptions for ”iOS 7 style transaction receipts”. Currently it’s only available for ”iOS 6 style transaction receipts for auto-renewable subscriptions”, according to the documentation: https://developer.apple.com/library/content/releasenotes/General/ValidateAppStoreReceipt/Chapters/ValidateRemotely.html#//apple_ref/doc/uid/TP40010573-CH104-SW1

Simply put, ”iOS 7 style transaction receipts” need the latest_receipt field, just as the old receipts had.

Steps to Reproduce:
1. Have an auto-renewable subscription (one month), for a service available both on the iPhone and the web. Let’s say it’s a TV show with new episodes every week.
2. Purchase the subscription (one month).
3. Wait one month, let the subscription renew but don’t open the app.
4. Visit the web page to watch the TV show.
5. To verify that the user is subscribing, try to verify the latest receipt - but there is none.
6. Ask the user to go home and find her/his phone, open the app and click ”Restore purchases”.

Expected Results:
The field ”latest_receipt” being populated with the latest receipt, so we can know if the customer is still subscribing or not.

Actual Results:
Only available for ”iOS 6 style transaction receipts”

Notes:
Since ”iOS 6 style transaction receipts” are deprecated but not removed, you can still get the latest_receipt field by fetching those as well (or instead of the newer receipts). This means that since ”iOS 7 style receipts” have less functionality than the older ones, Apple is incentivizing its third-party developers to keep using legacy code, for an unwelcome surprise when the deprecated functions are finally removed. A situation that will make nobody happy.

If the purpose of this is to prevent auto-renewable subscriptions from being used for multi-platform services, it should be clearly stated that this is the case - AND - Apple must not prevent third-party payments in our apps.

Comments

Closed

Turns out I was wrong. The documentation is just unclear.

I've got a response back from Apple saying that latest_receipt always exists in iOS 7 style receipts as long as there is at least one auto-recurring subscription.

By olof.thoren at Oct. 30, 2016, 10:10 a.m.
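The server-side check the report is after (deciding from the web whether a subscription renewed while the app stayed closed) can be made from the validation response alone. The following is an added example, not code from the report or from Apple. It assumes the verifyReceipt JSON field names `status`, `latest_receipt`, `latest_receipt_info`, `expires_date_ms` and `cancellation_date`; the response body, product id and function name are constructed.

```python
import json

# Constructed verifyReceipt response for an iOS 7 style receipt (all values
# are made up; the second entry is the renewal that happened without the app).
SAMPLE_RESPONSE = json.loads("""
{
  "status": 0,
  "latest_receipt": "CONSTRUCTED-BASE64-PLACEHOLDER",
  "latest_receipt_info": [
    {"product_id": "com.example.tv.monthly", "expires_date_ms": "1479600000000"},
    {"product_id": "com.example.tv.monthly", "expires_date_ms": "1482192000000"}
  ]
}
""")


def subscription_state(response, product_id, now_ms):
    """Return (active, expires_ms, receipt_to_store) for one product.

    now_ms must come from the server's own clock, never from the client.
    """
    # A non-zero status means the receipt was not validated: grant nothing.
    if response.get("status") != 0:
        return (False, None, None)
    expiries = [
        int(tx["expires_date_ms"])
        for tx in response.get("latest_receipt_info", [])
        if tx.get("product_id") == product_id
        and "expires_date_ms" in tx
        and "cancellation_date" not in tx  # refunded periods do not count
    ]
    # Keep the newest receipt so the next server-side check starts from it.
    receipt_to_store = response.get("latest_receipt")
    if not expiries:
        return (False, None, receipt_to_store)
    expires_ms = max(expiries)
    return (now_ms < expires_ms, expires_ms, receipt_to_store)


if __name__ == "__main__":
    print(subscription_state(SAMPLE_RESPONSE, "com.example.tv.monthly", 1480000000000))
```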
