I've just been browsing this repo to see if it's usable, but I'm pretty sure I spotted a vulnerability:
The checkReceipt: method is using the logic from this Apple guide which states that this logic is meant for communication between your app's server and Apple's servers. You should not use this logic for communication between a user's device and Apple's servers, because as the docs state:
It is not possible to build a trusted connection between a user’s device and the App Store directly because you don’t control either end of that connection.
I've just been browsing this repo to see if it's usable, but I'm pretty sure I spotted a vulnerability:
The
checkReceipt:
method is using the logic from this Apple guide which states that this logic is meant for communication between your app's server and Apple's servers. You should not use this logic for communication between a user's device and Apple's servers, because as the docs state: