- https://developer.apple.com/library/ios/releasenotes/General/ValidateAppStoreReceipt/Chapters/ReceiptFields.html#//apple_ref/doc/uid/TP40010573-CH106-SW1
- http://hpique.github.io/RMStore-presentation-for-NSBarcelona
- http://asciiwwdc.com/2014/sessions/305
优点:
- 无需服务器验证
缺点:
- 项目里需要引入 OpenSSL
链接:
- http://stackoverflow.com/a/20039394/656428
- https://github.com/robotmedia/RMStore#receipt-verification
- https://github.com/robotmedia/RMStore/wiki/Receipt-verification
优点:
- server-side verification over SSL is the most reliable way to determine the authenticity of purchasing records
缺点:
- 需要部署服务器,服务器和 App 之间的数据交换可能更容易被破解
链接:
先本地验证一次,后服务器再验证一次(感觉没必要)
- http://receigen.etiemble.com Mac App,直接生成代码,Xcode 集成
- http://blog.hussulinux.com/2013/04/apple-ios-in-app-purchase-hacking-how-to-prevent-specially-com-zeptolab-ctrbonus-superpower1-hacks/
- http://stackoverflow.com/a/17687827/656428
- 服务器验证更适合有自己账号系统的 App,直接可以对 IAP 破解免疫,否则一样很简单就被破解
- 本地验证使用下面的方法来增强验证
- Check that the SSL certificate used to connect to the App Store server is an EV certificate.
- Check that the information returned from validation matches the information in the SKPayment object.
- Check that the receipt has a valid signature.
- Check that new transactions have a unique transaction ID.