I'm developing an app that uses newsstand for subscription purchase. Is it an Apple approval requirement that the IAP uses server receipt verification?
It is possible to implement IAP in apps without using a server to verify receipts. I'm just wondering whether it's possible to take this approach with newsstand apps (I understand that doing so loses some level of security, but it also reduces complexity).
The simple answer is that it's not an approval requirement, but as MSK says. it is recommended. I decided to go with server verification which is not too much trouble anyway. However, if you're interested, here's an example of verification being done from the app itself.
http://www.viggiosoft.com/blog/blog/2011/10/29/at-newsstand-and-subscriptions
Related
I'm implementing IAP for SaaS application. I nearly finished with Store Kit's integration, receipt validation and other development related stuff. But I still have 2 more questions regarding Apple's guidelines which I couldn't find answer to on the docs.
The first question: I read on few places on the web that my app should provide minimum functionality even if the user is not subscribed. I offer a SaaS app and I don't want the user to be able to use the app if he's not subscribed. I will allow him to purchase a subscription if he is not subscribed. Is it enough for minimum functionality? (I suspect that these minimum functionality restrictions are old and obsolete, as they sound absurd).
The second question: I want to offer the user a possibility to try the app for free without subscribing at all (Without Store Kit's Free Trial option), because I don't want make the user make a commitment to pay before he tried the app (Apple also doesn't provide a convenient way to cancel the subscription, which may cause abandon-users to be charged even if they don't use the app, which will cause bad reviews etc). So the question is, can I do this without risking my app to get rejected? Does apple allow such kind of Free Trial feature which is managed solely by my server?
Forgive me if this info is somewhere on Apple's docs, but I couldn't find anything related. Thanks!
Okay after sending a query to Apple (Which didn't help me much to understand) and submitting an app to the App Store, I may have an answer:
Apple do allow SaaS apps and did approved my SaaS app. I honestly don't know if they checked my app enough to tell if it is okay but it was approved.
My app implements the Free Trial mechanism without App Store's free trial option. It is clearly written on the registration view controller that the app offers 3 month of free usage without obligation, and then continues without popping and App Store free trial page or something. My app was approved so I guess it is actually okay and within Apple's guidelines.
Hope it'll somehow help someone.
We run a SAAS Web app and are going to be launching our app in Apple’s app store (up to now we’ve had a mobile Web app).
We want to offer the ability to purchase a subscription in app due to the ease of use for our customers. No problem, we know how to do that.
The question we have is whether there is an easy way to keep our web app's db updated with the user’s current subscription status so if they access our Web app we know whether their subscription is valid.
Ideally it would be great if Apple offered a web hook option where they would post an update to a url on our server. From what I've read this isn't an option.
We can always post the data to our server from the iPhone app when the user logs in, but if the user doesn’t log in on the iPhone for a while the subscription status recorded on our server will be out of date.
How are other people handling this? Are we missing something?
Update:
The closest I've found is this thread: https://forums.developer.apple.com/message/70707#70707
The app gets a receipt the first time it buys a subscription or
restores a subscription. The app can send that original receipt to
anyone's server. Anyone's server can then use that orignal receipt to
verify the current subscrition anytime it wants. You can't do that
with a non-renewing subscription but with a non-renewing subscription
the user must purchase the extension from the iOS device each time
period.
Followed up with this:
https://hetzel.net/2011-04-01/server-side-auto-renewable-subscription-receipt-verification/
And from Apple it sounds like they definitely do not make any provisions on their end for synchronization:
Cross-Platform Considerations
Product identifiers are associated with a single app. Apps that have
both an iOS and OS X version have separate products with separate
product identifiers on each platform. You could let users who have a
subscription in an iOS app access the content from an OS X app (or
vice versa), but implementing that functionality is your
responsibility. You would need some system for identifying users and
keeping track of what content they’ve subscribed to, similar to what
you would implement for an app that uses non-renewable subscriptions.
Late to the party, but I think this is a relevant reply to this question:
https://stackoverflow.com/a/47537279/543423
Hopefully this is helpful to someone :)
I am investigating the use of in-app purchase for what essentially would be a "pro" version of my app.
The app itself would be free but once in the user has the option to purchase the pro content (only 1 thing). The "pro" content would already be on the app and there is no need to download it, it would simply "unlock" it.
Is this allowed from the Apple Guidelines?
As only 1 non-consumable would be purchased I think the use of a back-end server isn't required.
Again is that allowed from the guidelines?
And is it safe and simple to just store the result in NSUserDefaults and if installed on another device pull it from SKPayment restore purchased and such?
I've looked at several other questions.
In-App Purchasing?
Retrieve purchased information in In-App purchase
How do I add consumable In App Purchases using NSUserDefaults and not my own server?
And those seem to suggest that my approach is valid, but as I know those things have changed recently I want to make sure I'm taking the right approach.
Thanks!
No problem having the content built in.
Best practice is to perform receipt verification on a server with an authentication protocol between the app and server (this is also true for several other mobile app stores). If you perform the verification on the device, people can use existing tools to get around your IAP checking and steal content. Take a look at https://developer.apple.com/library/ios/#releasenotes/StoreKit/IAP_ReceiptValidation/ for some information.
So while a server is not required, it is recommended. Only you can say if protecting your content is worth the hassle of maintaining a server.
I agree with J. Freeman that straight storage in NSUserDefaults seems weak. I store things in a local file but the format is tied to the device and requires a server computed key to create it. Finally, yes you should use SKPaymentQueue restoreCompletedTransactions to get things purchased on another device. Realize that the restored transactions should also have their receipts verified on your server.
Yes that is fine. You do not need a backend to do in-app purchases, and it is ok to ship with your content built in.
The one thing I would say be careful with though is storing the unlock information in NSUserDefaults as someone will easily be able to forge purchases that way. You should store the unlock information in the keychain.
We are using Amazon FPS payment gateway for purchasing goods through IOS app, now we need to upload it to apple review team and as this is production app, it is pointed to production/live Amazon FPS account so here I want to understand if apple really want to buy anything then they need some credentials by which they can test the purchases.
So first thing really apple tests the whole purchase flow? If yes then what credentials should I provide? or should I update the server for sandbox mode till apple approves the app?
You should submit your app and select "Hold for developer release".
Then you can provide Apple with credentials on your sandbox server to test with.
When Apple approved your app, you can switch your server to production, then release your app.
But, I have a feeling they are not going to approve your app because it provides a mechanism for folks to buy things that does not give Apple a cut of the action. This is not unlike the issue with magazines and newspapers (or anyone) selling subscriptions via non-Apple Store mechanisms: Apple doesn't like when they get cut out.
Apple would prefer you use In-App Purchase, so they get a cut.
Good luck!
EDIT:
Indeed, there is a distinction to be made for real versus virtual goods, which I guess I missed when I read your post. Sorry.
To your actual question: Will Apple test it? No one knows. :-) You should assume they will, and provide some test credentials for them to use.
I can tell you from experience with a (free) commercial app I built, before we launched the service, we had the app submitted, and Apple did register on our backend and test out the app.
We released a charitable "micro-giving" app on iOS that uses Amazon payments to externally process the donations. We submitted the app with our production payment system.
According to our server logs, during their review Apple never submitted a payment or even initiated one.
It took a couple of submissions to get approved, but their feedback largely was focused on making sure we were complying with Apple's guidelines (donations must be processed external to the app, i.e. via safari), and making it clear to the user what the exact donation process was.
I think it's unlikely that Apple would spend money to test your app, nor would they wait to see if you actually delivered the goods as promised either. However, I do think that they will make it clear to you in their feedback if they want to test without spending real money.
My newsstand app only offers one subscription and it is free. I know newsstand apps will be rejected if they do not use iTunes Connect subscriptions.
Will apple care that I never validate the receipt. The only thing I use the receipt for is to determine if they have subscribed or not and if they have then I register for push notifications.
Also, it doesn't seem like the concept of an "issue" as in the issue information that is posted to iTunes Connect is strictly necessary....
#Revanth I think 1 issue is necessary in 3 months, i.e ,4 issues in a year. but as you saying issue is not mandatory can you please provide any link in favour of your answer related to that issue part, i am also looking for this answer. Thanks
Receipt validation is not mandatory for a Newsstand app approval.
The issues part is also not mandatory unless you provide the default cover art for your app.