mattt/CargoBay

Will CargoBay break in-apps verification after February 14, 2016?

xjki opened this issue ยท 11 comments

xjki commented

Apple WWDR Certification Intermediate Certificate is expiring February 14, 2016 and new certificate is issued.

CBCheckReceiptSecurity function that checks receipt security uses intermediate certificate (marked with FIXME comment in code) - see in code

Question - will validation of in-app purchases/restore using CargoBay will break after February 14, 2016?

Setting date on device after Feb 14, 2016 + restarting device + restoring old purchases still worked but not sure if it will accept/validate purchases made after Feb 14, 2016 with new certificate in receipts?

jam commented

I was just about to post asking the same question. If this is the case, we have very little time to get a new update submitted and approved, so a quick response would be greatly appreciated ๐Ÿ˜„

jam commented

I've extracted the cert from the code & checked the date - it's due to expire on May 18th, so there's a little less urgency now ๐Ÿ˜„

xjki commented

@jam If cert (new one?) received in the transaction receipt from App Store will not match one included in the Cargo Bay, verification will fail anyway.

It seems that Cargo Bay does not support new way of validating app and in-app purchases, as I understand it uses (pre-iOS7 way of processing validating purchases) transactionReceipt from transaction data, not from receipt stored with app itself.

Happens to us already. Seems weird but definitely certificate.
Some DIY fix?

xjki commented

@gnatok Are you sure? Mines verifies using existing code, thou I added DIY extra steps (validating transaction remotely) if Cargo Bay default verification fails. As far as I can see in my analytics there are less than 1% verification fails and these are isolated incidents from few users (hacking attempts perhaps?)

@xjki production version is Ok. But new build was rejected by Apple Because payments fail. Seems they changed something on Sandbox side.
Yesterday we disable local validation inside CargoBay and we successfully made purchase with sandbox user.

xjki commented

@gnatok I see, that makes sense.

Aside from validation, any guess as to how much longer the old receipt format will be accepted for purchases in production?

ren6 commented

Today I found that validating in-app purchases no longer works! Please update your apps by changing/removing validation

as quick workaround: just comment local validation as here https://github.com/abaenglish/CargoBay/tree/master and all should work
pod 'CargoBay', :git => 'https://github.com/abaenglish/CargoBay'

mkral commented

Man I wish I knew about this prior, really messed up some IAP workflows. Thanks for the quick fix @Just-