Mac App Store Receipt Validation
From the app you can pass the installed receipt to your server which can perform the validation by communicating with apple servers and notify the app about the validation result.
Mac app store receipt validation. Do not call the app store server verifyreceipt endpoint from your app. Barely 24 hours have passed since apple introduced the mac app store and it seems like the receipt validation of the apps has been cracked already. Receipt validation requires an understanding of secure coding techniques in order to employ a solution that is secure and unique to your application.
Replace krvnbundleid and krvnbundleversion with your own ones. Binary data is base64 encoded as defined in rfc 4648. The receipt contains an apple digital signature an app certificate and information on purchases.
This post only covers. For additional security you may repeat this check periodically while your application is running. You can t build a trusted connection between a user s device and the app store directly because you don t control either end of that connection which makes it.
Implement this check in the main function before the nsapplicationmain function is called. For information on establishing a secure network connection with the app store see preventing insecure network connections. Mac app store receipt validation sample mac os x 10 7 rvnreceiptvalidation m.
An app store receipt provides a record of the sale of an app or any purchase made from within the app and you can authenticate purchased content by adding receipt validation code to your app or server. Validating with the mac app store. This is the app s trusted record and in app purchases that are stored on device as a single file.
The method used to crack the validation is dead simple it can be done by anyone with a text editor. This sample is provided because the coding sample found in validating mac app store receipts is somehow out of date today and some functions are deprecated in mac os x 10 7. It is hard to provide a generic solution for mac app store receipt validation mainly because this is a very sensitive piece of code that must be hard to bypass cf.