My app uses in-app purchase, and I verify the transaction receipts with Apple. This has shown me that many users are trying to pirate the in-app purchase mechanism by submitting fake transaction receipts, which come up with a product ID of com.zeptolab.ctrbonus.superpower1 (from "Cut the Rope"). Of course I don't let them use the in-app purchase items with a fake receipt. What are some strategies for battling iOS piracy and trying to get these people either to pay or to suffer?
Strategies for battling iOS in-app purchase piracy?
3k Views Asked by Jason At
The only way to truly prevent this is to control everything through your own server(s). Even the infamous "com.zeptolab.ctrbonus.superpower1" receipt is an actual valid receipt that Apple's own validation endpoint will tell you is OK. Once a transaction is completed, the app should send the transaction data to a server you control and:
Even this has a flaw, especially if your IAP content is simply on the device but "locked". There are ways to redirect the validation call from your server to make your app think your server said "everything is OK!". This is much more difficult if your IAP content is hosted remotely as they can't as easily spoof the response with the location of the content if they don't know where the content is in the first place.
The problem in all of this for most people is that controlling your own servers and remote content can get costly, not to mention the need to write your own validation logic. The more difficult you make it for these hacks to be successful, the more it can cost you, so you have to weigh just how much you want to make them "suffer" with how much time, effort and money you're willing to spend vs how much you're making and/or losing. Remember, one "pirated" IAP is not necessarily equal to one lost sale, so it can be hard to gauge just how much you might be losing from this.
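As an added example (not code from the original answer), here is one way a server could gate unlocks after Apple's validation reports a receipt as valid, which is what lets a receipt for `com.zeptolab.ctrbonus.superpower1` get through. It assumes the JSON layout of Apple's legacy `verifyReceipt` response; the bundle ID, the product IDs and the per-account transaction binding are hypothetical choices.

```python
# Added example: gate IAP unlocks on fields from an already-decoded
# Apple receipt-verification response (no network calls here).
# Assumed, hypothetical app values -- replace with your own:
EXPECTED_BUNDLE_ID = "com.example.myapp"
KNOWN_PRODUCT_IDS = {"com.example.myapp.coins100", "com.example.myapp.pro"}


def purchases(receipt):
    """Yield (bundle_id, product_id, transaction_id) for both receipt layouts."""
    if "in_app" in receipt:  # unified app receipt: one entry per purchase
        for item in receipt["in_app"]:
            yield receipt.get("bundle_id"), item.get("product_id"), item.get("transaction_id")
    else:  # older single-transaction receipt
        yield receipt.get("bid"), receipt.get("product_id"), receipt.get("transaction_id")


def evaluate(response, account_id, owners):
    """Return (granted_product_ids, rejection_reasons).

    owners maps transaction_id -> first account that presented it; in
    production this would be a database table with a unique key.
    """
    if response.get("status") != 0:  # 0 means Apple accepted the receipt
        return [], ["apple status %r" % (response.get("status"),)]
    granted, reasons = [], []
    for bundle_id, product_id, tx_id in purchases(response.get("receipt", {})):
        if bundle_id != EXPECTED_BUNDLE_ID:
            reasons.append("receipt issued for another app: %r" % (bundle_id,))
        elif product_id not in KNOWN_PRODUCT_IDS:
            reasons.append("unknown product: %r" % (product_id,))
        elif not tx_id:
            reasons.append("missing transaction id")
        elif owners.setdefault(tx_id, account_id) != account_id:
            reasons.append("transaction %s belongs to another account" % tx_id)
        else:
            granted.append(product_id)
    if not granted and not reasons:
        reasons.append("receipt contains no purchases")
    return granted, reasons


# Constructed sample responses (not captured from Apple).
FOREIGN = {"status": 0, "receipt": {
    "bid": "other.vendor.app",  # placeholder bundle id
    "product_id": "com.zeptolab.ctrbonus.superpower1",
    "transaction_id": "1000000000000001"}}
GENUINE = {"status": 0, "receipt": {
    "bundle_id": EXPECTED_BUNDLE_ID,
    "in_app": [{"product_id": "com.example.myapp.pro",
                "transaction_id": "1000000000000002"}]}}
```

The server should return the unlocked content or entitlement itself only for the products in the granted list, so the app never acts on a bare "OK" flag.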