Don't validate IAP receipt on device?

[w-i-n-s]

Details on documentations

Warning Do not call the App Store server verifyReceipt endpoint from your app. You can't build a trusted connection between a user’s device and the App Store directly, because you don’t control either end of that connection, which makes it susceptible to a man-in-the-middle attack.

To solve it we can follow 3 cases (pros/cons) details from apple:

• Forget about receipt validation (0 min / jailbroked devices can used app for free)
• Implement in-app check (everything inside app / isn't fast and simple to decrypt receipt file)
• Add backend to just validate receipt (right way / need backend)
• Use current setup SubscriptionManager.swift

[Sjors]

For privacy reasons I don't want to add a backend to the app. Right now a backend would also be useless, because the app doesn't need external information.

The app is open source, so anyone can install Xcode, build it and run it for free on their own device.

So let's just drop receipt validation.

[w-i-n-s]

@Sjors Okay, I agree.