Local Receipt Validation in iOS
The course will walk you through the process of writing custom validation code for validating receipts from the app store on your device. Learn about the various pitfalls of writing your own validation code and understand how it all works under the hood. By Brian Moakley.
Who is this for?
Advanced level iOS developers who want to write custom receipt validation code for iOS apps. This course will be helpful if you want to learn about receipt structure and how to read it using OpenSSL.
Covered concepts
- App Store Receipt Structure
- Incorporating OpenSSL
- Reading ASN.1 Values
- Security Best Practices
Part 1: Local Receipt Validation
Learn about the process for validating receipts on a device and some important aspects to consider before devising your own solution.
This episode shows an easy way to include OpenSSL into your app as well as some pros and cons of using the library.
You’ll get started with local receipt validation by first loading the receipt into memory which requires writing some C code in Swift.
You’ll learn how to check that the loaded receipt is a genuine receipt by comparing the signature against Apple’s root certificate.
Receipt values are encoded in ASN.1 so in this episode, you’ll write the functions to read those values from the receipt.
Once you have validated the receipt, the next step is to decrpyt the receipts contents. You’ll do do this by decrypting ASN.1 values.
Learn how to write additional decryption code to read all of the in app purchase receipt data.
Believe it or not, receipt validation doesn’t stop just because you’ve read the receipt. In this episode, you’ll perform a final check to make sure you have a valid receipt.
With all your code complete, your next task is to incorporate it into your app that works both on the simulator and on a device.