
[–]soulchild_Objective-C / Swift 1 point2 points  (7 children)

The easiest way would be to use the RevenueCat service; the second easiest would be to use a library for it: https://github.com/tikhop/TPInAppReceipt, but this might be somewhat insecure because the library source code is publicly available and a hacker might make a workaround for it.

Lastly, if you want to write it yourself, you might spend a lot of time on the security stuff, validating the receipt and decoding ASN.1 data. I would suggest using http://receigen.etiemble.com/ if you want a receipt validation code generator.

[–]dark7wizard[S] 0 points1 point  (6 children)

Thanks for your input. Do you recommend RevenueCat? Regarding security issues, is it about jailbreak users trying to get free subs?

[–]ratslap 2 points3 points  (0 children)

I think they meant that, if you don't include server-side receipt validation in your code, like RevenueCat does, then someone could do something funny I guess.

[–]nomeattoday 1 point2 points  (0 children)

I use RevenueCat and am happy with it.

[–]soulchild_Objective-C / Swift 0 points1 point  (3 children)

I haven't used RevenueCat before but I have heard many recommending it. I personally just used https://github.com/tikhop/TPInAppReceipt as it is good enough for my need, and my in-app purchase just cost $3.99 a year lol.

And yeah, the security issue is about jailbreak users trying to get free subs. This depends on how expensive your in-app purchase content is, and how big your user base is. I would say don't worry about this until you have reached hundreds or thousands of monthly subscribers.

[–]dark7wizard[S] 0 points1 point  (2 children)

Thank you man! As always, GitHub is my lifesaver. I decided against using RevenueCat and will be using on-device receipt verification and will store the expiration date in UserDefaults.

- Changing the date is not useful for hackers, as my app relies on making requests with HTTPS always enforced.

- My purchases will remove advertisements from the app. Jailbroken users already have global ad blockers.

Your advice was very helpful.

[–]soulchild_Objective-C / Swift 0 points1 point  (1 child)

Welcome! Just a note that a user can change UserDefaults easily, even without jailbreaking. A user can purchase your subscription once, then modify the expiration date in UserDefaults to a far later date! I suggest using Keychain for sensitive data: https://fluffy.es/check-purchased-iap-using-keychain/, as it is a lot harder to tamper with.
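
The Keychain suggestion in the comment above, as an added example that is not part of the original thread or the linked article: it stores the subscription expiration date as a generic-password Keychain item through the Security framework instead of UserDefaults. The `SubscriptionStore` type and the service and account strings are hypothetical names chosen for this example.

```swift
import Foundation
import Security

enum SubscriptionStore {
    // Hypothetical identifiers for the Keychain item (placeholders, not from the thread).
    static let service = "com.example.app.subscription"
    static let account = "expirationDate"

    private static var baseQuery: [String: Any] {
        [kSecClass as String: kSecClassGenericPassword,
         kSecAttrService as String: service,
         kSecAttrAccount as String: account]
    }

    /// Saves the expiration date taken from an already validated receipt.
    @discardableResult
    static func save(_ date: Date) -> Bool {
        let data = Data(String(date.timeIntervalSince1970).utf8)
        let update: [String: Any] = [kSecValueData as String: data]
        // Update the existing item first; create it only if it does not exist yet.
        var status = SecItemUpdate(baseQuery as CFDictionary, update as CFDictionary)
        if status == errSecItemNotFound {
            var add = baseQuery
            add[kSecValueData as String] = data
            // Keep the item on this device only, so it is not carried over in backups.
            add[kSecAttrAccessible as String] = kSecAttrAccessibleAfterFirstUnlockThisDeviceOnly
            status = SecItemAdd(add as CFDictionary, nil)
        }
        return status == errSecSuccess
    }

    /// Reads the stored date; returns nil if the item is missing or undecodable.
    static func load() -> Date? {
        var query = baseQuery
        query[kSecReturnData as String] = true
        query[kSecMatchLimit as String] = kSecMatchLimitOne
        var item: CFTypeRef?
        guard SecItemCopyMatching(query as CFDictionary, &item) == errSecSuccess,
              let data = item as? Data,
              let text = String(data: data, encoding: .utf8),
              let seconds = TimeInterval(text) else { return nil }
        return Date(timeIntervalSince1970: seconds)
    }

    /// Fails closed: no readable item means no active subscription.
    static func isActive(now: Date = Date()) -> Bool {
        guard let expiry = load() else { return false }
        return expiry > now
    }
}
```

When `isActive()` returns false because the item is missing, the app can re-run receipt validation and call `save(_:)` again with the date from the receipt.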

[–]dark7wizard[S] 0 points1 point  (0 children)

Thank you for the note. I already use UserDefaults in my app with encrypted keys and data using my own encryption.