Question

I've been seeing several purchase attempts from my PhoneGap iOS app with this odd transaction receipt, which appears to be invalid when I try to verify it at the iTunes endpoint.

window.plugins.inAppPurchaseManager.onPurchased = function (transactionId, productId, receipt) {
  // receipt is MC4wMDAwMDA= which base64 decodes to 0.000000
}

I'm suspecting a hack, but I want to verify that we aren't doing anything wrong.

This is using the official InAppPurchaseManager plugin from the phonegap-plugins repo on Cordova 1.7.

Solution

I'm not familiar with the plugin that you're using, but I don't think you're doing anything wrong. There are several programs out there that forge receipts in an attempt to steal in-app purchases. Apple recommends validating receipts via your own server to make it more difficult for hackers and hacks to scam your products. You can read about Apple's receipt validation here and their recommended best practices here.

Receipts like MC4wMDAwMDA= or ones starting with Y29tLnVydXMuaWFwLj are common forged receipt signatures and will fail validation when submitted to Apple.
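
A server-side triage step for the two indicators quoted in the answer above, as an added example that is not part of the original answer or of the InAppPurchaseManager plugin. The function names and verdict labels are hypothetical, and the bare-number check is an assumption generalized from the `0.000000` case; a receipt that passes still has to go through Apple's validation before anything is unlocked.

```javascript
// Added example (Node.js): screen a receipt before sending it to Apple.
// Indicators come from the answer above; names and verdicts are hypothetical.
const FORGED_EXACT = new Set(['MC4wMDAwMDA=']);   // decodes to "0.000000"
const FORGED_PREFIXES = ['Y29tLnVydXMuaWFwLj'];  // decoded text begins "com.urus.iap."

// Buffer.from() silently skips invalid characters, so check the alphabet first.
const BASE64_RE =
  /^(?:[A-Za-z0-9+/]{4})*(?:[A-Za-z0-9+/]{2}==|[A-Za-z0-9+/]{3}=)?$/;

function triageReceipt(receipt) {
  if (typeof receipt !== 'string') {
    return { verdict: 'malformed', reason: 'receipt is not a string' };
  }
  const compact = receipt.replace(/\s+/g, '');    // tolerate line wrapping
  if (compact.length === 0 || !BASE64_RE.test(compact)) {
    return { verdict: 'malformed', reason: 'empty or not valid base64' };
  }
  if (FORGED_EXACT.has(compact)) {
    return { verdict: 'forged-indicator', reason: 'exact match: ' + compact };
  }
  const hit = FORGED_PREFIXES.find((p) => compact.startsWith(p));
  if (hit) {
    return { verdict: 'forged-indicator', reason: 'prefix match: ' + hit };
  }
  const decoded = Buffer.from(compact, 'base64').toString('latin1').trim();
  // Assumption: a payload that is only a number cannot be a signed receipt.
  if (/^\d+(\.\d+)?$/.test(decoded)) {
    return { verdict: 'forged-indicator', reason: 'decodes to a bare number' };
  }
  // No indicator found. This is NOT proof of validity: only Apple decides.
  return { verdict: 'needs-verification', reason: 'no known forgery indicator' };
}

// Hypothetical gate for the purchase handler: forward only unflagged receipts,
// and log the rest with the account and device for abuse review.
function shouldForwardToApple(receipt) {
  return triageReceipt(receipt).verdict === 'needs-verification';
}
```

Keep the indicator lists on the server rather than in the app, so they can be updated without shipping a new build and cannot be read out of the client.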

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow