Important update: Support for in-app receipt validation for SHA-256 Apple Receipts.

The In-App Purchasing SDK version 4.9.4 now uses the SHA-256 algorithm to decode Apple receipts for those using the CrossPlatformValidator.

Apple is changing its receipt format on August 14th: see "Upcoming changes to the App Store receipt signing intermediate certificate" (Latest News, Apple Developer). Please update to IAP 4.9.4 in your package manager if your app is using this feature.

Older receipts encoded in SHA-1 are still supported.

2 Likes

@John_Corbett just to be clear on this. From today the CrossPlatformValidator.Validate call will fail (throw an exception) in all our store apps using 4.9.3 or earlier, when a purchase is made?

  • August 14, 2023. Receipts in new apps and app updates submitted to the App Store, as well as all apps in sandbox, will be signed with the SHA‑256 intermediate certificate.

Only new apps, updates and sandbox testing apps will be affected.

1 Like

Hi @andymads

I believe it might, although maybe only for updated apps submitted after that date. Apple sprung this on everyone with fairly short notice.

1 Like

Has anyone managed to reproduce this error in the sandbox environment by chance? I’m trying to confirm it happens so we know the update to IAP fixes it, but our locally validated consumable purchases are still being validated on 4.4.1.

1 Like

Was running into exactly the same problem. From the Apple Tech Note it seemed to me that devices need to be running OS 16.6 to repro the issue using sandboxed IAPs, but even with this OS we were unable to repro. Despite this, after upgrading the IAP package from 4.8.0 to 4.9.4 it appears we no longer have this issue in our live game.

3 Likes

@unity_320AC700C5AB25D195F1 Did you have the validation issue in production before the update to 4.9.4?

Correct, validation was failing for us in app updates since 24th Aug until we reacted by rolling out an update with IAP package 4.9.4 a few days later. A prior update on 21st Aug didn’t appear to have issues, so we assume Apple enforced the change to receipt format later than the stated 14th Aug date.

1 Like

@unity_320AC700C5AB25D195F1 Thank you for the answer and additional information. In my case, the current project that I'm working on has also had this issue since 2 September 2023 (the date that the app was Ready for Sale) until now. I've been using IAP version 4.9.3, and it was working fine on TestFlight. It passed the Apple review, but in production it's stuck in the catch block of the validation part (always returns invalid receipt). Today I'm uploading another build with an IAP version update; I hope it can solve the issue.

Edit: after I updated IAP to 4.9.4 and resubmitted, we no longer have the issue with the validator try-catch block in the IAP script.

It’s a nightmare. Once I updated my app in Sep, CrossPlatformValidator fails in all my app versions, which means I need to stop IAP before most of our users have updated to the new version.

Indeed. Updating to 4.9.4 fixes the bug.