Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Upcoming App Store Changes #718

Open
Jarutais opened this issue Jan 2, 2025 · 13 comments
Open

Upcoming App Store Changes #718

Jarutais opened this issue Jan 2, 2025 · 13 comments
Labels
type: question

Comments

@Jarutais
Copy link

Jarutais commented Jan 2, 2025
edited
Loading

Apple is now showing a warning on App Store Connect about receipt validation changes on Jan 24.
As far as I know, Swifty Store Kit uses the verifyReceipt endpoint so it will not break, but this endpoint has now been deprecated and probably will go out in a few years. How can we move away from that?
@mazhigbee-pb
Copy link

I also had this question when logging into the app store this morning. Is anybody able to confirm this and verify the SHA-1 changes will not be an issue?

@GreydeskChirag
Copy link

The SHA-1 intermediate certificate for signing App Store receipts will expire soon, and Apple requires apps performing on-device receipt validation to support the SHA-256 algorithm.
I am using SwiftyStoreKit for receipt validation in my app. Can you confirm if the library already supports SHA-256, or do I need to make any changes at the code level to ensure compatibility with the new requirements?

@vivek-mittal
Copy link

vivek-mittal commented Jan 3, 2025
edited
Loading

Question one - on-device verifcation yay or nay?
In this library I see we are using verifyReceipt endpoint here so it may appear we are using remote verification and NOT "on-device" verification. The current notification from the Apple's app store may not apply to us(users of this lib).

Question two - Another deadline approaching?
From the Apple's doc here -

The verifyReceipt endpoint is deprecated. To validate receipts on your server, follow the steps in Validating receipts on the device on your server.

In this repo, I do not see the use of AppTransaction which is what we should be doing for the remote verification since verifyReceipt endpoints are deprecated. This library would require update eventually may be not right away to move away from the verifyReceipt endpoints.

This is my analysis so far, authors or maintainer would be the best people to comment however.

@LBBB
Copy link

LBBB commented Jan 6, 2025

Has anyone confirmed that this library won't have issues with the SHA-256 requirement?

@tikamsingh
Copy link

tikamsingh commented Jan 6, 2025
edited
Loading

@LBBB Yes if you are using this lib then it's ok, no need to change any thing because in this lib they are verify receipt in App Store Server, that API is deprecated but still we can use it.

@louiskabo
Copy link

Wondering same thing. Anyone have confirmation we will be OK after Jan 24?

@tikamsingh
Copy link

@louiskabo Yes if you are using this lib then it's ok, no need to change any thing because in this lib they are verify receipt in App Store Server, that API is deprecated but still we can use it.

@crexon
Copy link

crexon commented Jan 9, 2025

I'm not sure at all. I'm migrating to StoreKit 2, because this is deprecated.

@louiskabo Yes if you are using this lib then it's ok, no need to change any thing because in this lib they are verify receipt in App Store Server, that API is deprecated but still we can use it.

@louiskabo
Copy link

What has me concerned is:

                let appleValidator = AppleReceiptValidator(service: .production, sharedSecret: "XXXXXXXXX")
                SwiftyStoreKit.verifyReceipt(using: appleValidator) { result in
                    switch result {
                    case .success(let receipt):
                 ...

Which I guess verifies the receipt in the App Store Server per @tikamsingh however, the apple warning "If your app performs on-device receipt validation" which technically, that is doing, no?

I understand it is querying Apple's servers for the receipt, but isn't the message basically saying, if you are asking us for the receipt using SHA1 (which SwiftyStoreKit uses) then you will not get a response?

Sucks having less than 20 days to rewrite such an important function. Swifty was amazing before SK2 came along, seems pretty easy now just a total pain in the a$$.

@tikamsingh
Copy link

@louiskabo: Check out this link: https://developer.apple.com/news/?id=smofnyhj. You don’t need to take any action. Remember, Swift's StoreKit doesn't use any algorithm for receipt verification—that’s handled by Apple’s servers. Relax, there's nothing to worry about!

@louiskabo
Copy link

@tikamsingh After reading that, I would agree we are OK. Thank you!

@bizz84
Copy link
Owner

bizz84 commented Jan 11, 2025

Author and maintainer here. This project has not been maintained for 5+ years (and no further work is planned). I recommend migrating to the new StoreKit APIs or supported 3rd party solutions like RevenueCat.

@louiskabo
Copy link

@bizz84 thank you for all the past years of seamless IAP integration that this library provided. It was truly a life saver!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
type: question
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
9 participants
@bizz84 @vivek-mittal @tikamsingh @LBBB @louiskabo @mazhigbee-pb @crexon @Jarutais @GreydeskChirag