You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Fetch the License information from the Apple Store (if the user has effectively downloaded our app from the store by the mobile app.
implement a simple backend (Kotlin or Java) call to verify the license on the apple store.
Open questions:
Can a third-party app asks to the store the license information of our app?
Can we detect server site that the license sent by the "app" (of a fake app) is strictly connected to the device that is sending the request?
Io order to restrict the API access only to our iOS app, we should implement the server side license verification. The process is described here:
https://developer.apple.com/library/archive/releasenotes/General/ValidateAppStoreReceipt/Chapters/ValidateLocally.html
https://developer.apple.com/library/archive/releasenotes/General/ValidateAppStoreReceipt/Chapters/ValidateRemotely.html
Here a iOS security guide:
https://www.apple.com/business/docs/site/iOS_Security_Guide.pdf
The task has 2 phases:
Fetch the License information from the Apple Store (if the user has effectively downloaded our app from the store by the mobile app.
implement a simple backend (Kotlin or Java) call to verify the license on the apple store.
Open questions:
Can a third-party app asks to the store the license information of our app?
Can we detect server site that the license sent by the "app" (of a fake app) is strictly connected to the device that is sending the request?
Note:
The Native API call should be integrated with flutter
https://flutter.dev/docs/development/platform-integration/platform-channels
The text was updated successfully, but these errors were encountered: