Sandbox receipts are stored in the production URL

Originator:andy
Number:rdar://FB7699277 Date Originated:05/12/2020
Status:Open Resolved:
Product:WatchOS Product Version:6.2.5
Classification: Reproducible:yes
 
There’s a bug when refreshing StoreKit receipts on WatchOS (tested on watchOS 6.2.5 (17T5607a). 

The issue is that after performing an SKRefreshReceiptRequest, the request succeeds, and refreshes the receipt, however the receipt is stored in the wrong URL for Sandbox environments. 

Instead of being stored in <receipts_folder>/sandboxReceipt, like in other platforms, it gets stored in <receipts_folder>/receipt. 

This is problematic because [[NSBundle mainBundle] appStoreReceiptURL] returns the URL for the sandboxReceipt, so the app has no reliable way of going to the correct receipt. 

to clarify, the problem is that appStoreReceiptURL (correctly) returns the url of the sandbox receipt when you’re in sandbox, but it seems like the refreshed receipt lives in the path where the production receipt would usually live

for example:
file:/private/var/mobile/Containers/Data/PluginKitPlugin/6CC24F0D-402C-4AB9-9747-96116D575348/StoreKit/receipt -> contains the purchases
file:/private/var/mobile/Containers/Data/PluginKitPlugin/6CC24F0D-402C-4AB9-9747-96116D575348/StoreKit/sandboxReceipt -> MISSING, but this is the url returned by `[[NSBundle mainBundle] appStoreReceiptURL]`

I've verified the receipt located in /receipt against the /verifyReceipt endpoint, and it correctly contains the purchases I've made on device, and it indicates that the receipt type is Sandbox. Here's an excerpt from the receipt:

```
{
  "status": 0,
  "environment": "Sandbox",
  "receipt": {
    "receipt_type": "ProductionSandbox",
    "adam_id": 0,
```

To reproduce: 

- Make a purchase on Apple Watch
- Make an SKRefreshReceiptRequest
- Once it finishes, check the file stored in `[[NSBundle mainBundle] appStoreReceiptURL]`. There won't be anything there. You can also verify that the URL ends in `sandboxReceipt`, as expected. 
- Look for a file in the same folder where the sandbox receipt should be, named `receipt`, and verify its contents. It should have the refreshed receipt. 

I expect that this works correctly in production, but I haven't checked because I'd have to upload an app that I haven't tested successfully.

Comments


Please note: Reports posted here will not necessarily be seen by Apple. All problems should be submitted at bugreport.apple.com before they are posted here. Please only post information for Radars that you have filed yourself, and please do not include Apple confidential information in your posts. Thank you!