Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[Resolved] Changes to the App Store receipt signing certificate #89

Open
john-work-ios opened this issue Dec 20, 2022 · 8 comments
Open
Assignees

Comments

@john-work-ios
Copy link

According to this link:
https://developer.apple.com/news/?id=ytb7qj0x
A certificate will change.
Will this impact users of this framework?

@hannesoid
Copy link
Contributor

From the link:

If you validate App Store receipts on device using the App Store receipt signing certificate, make sure you haven’t hardcoded the intermediate certificate and verify that the chain of trust for the container’s signature matches the Apple Inc. Root Certificate.

Luckily, AppReceiptValidator ships without intermediate certificate, and instead only hardcodes the the Apple Root certificate. So I'd say we are good, and following what Apple is recommending here.

The Apple Root certificate is theoretically valid until 2035, after that, AppReceiptValidator will consider all receipts invalid. It may be interesting to keep this in mind for the longterm future.

I consider this issue closed, but will leave it open in case others get interested in the topic and to prevent creation of duplicates.

@john-work-ios
Copy link
Author

I don't know if I should create another thread for this. But another major change (different than the first one) is coming this summer:
https://developer.apple.com/documentation/technotes/tn3138-handling-app-store-receipt-signing-certificate-changes

@hannesoid
Copy link
Contributor

It looks like this is only affecting the intermediate certificates, which are not pinned by AppReceiptValidator, so I wouldn't expect issues with those changes. To be sure we should wait until June 20, 2023 when SHA256 intermediate certificates are introduced for sandbox/debug builds and test them.

@hannesoid
Copy link
Contributor

hannesoid commented Aug 28, 2023

We now unfortunately have cases where signature checks fail because of https://developer.apple.com/documentation/technotes/tn3138-handling-app-store-receipt-signing-certificate-changes

Note: The appstore sandbox receipts (running mac debug builds) still return SHA1 signed receipts, so those are not ideal for testing SHA256 compatibility, unlike what Apple mentions in the above article.

We are currently evaluating a fix #93 which passes tests (and can also offer this workaround in the meantime: #92)

@hannesoid
Copy link
Contributor

#93 should now have official fixed the issues

@john-work-ios
Copy link
Author

john-work-ios commented Aug 28, 2023

Thanks a lot for the fix!
Does the signature verification requires action on the code side?
In other words: I don't do any call in my code to verify the receipt. Could I still run into that issue?

@hannesoid
Copy link
Contributor

@john-work-ios
The general recommendation is to update AppReceiptValidator to version >= 1.1.1

Details:

  • your app may be affected if, you call the AppReceiptValidator's validateReceipt without customizations
    • Resolve the issue by updating AppReceiptValidator
  • If you call the validateReceipt but have customized the parameters with parameters.signatureValidation = .skip, or, if you for example only call parseReceipt but not validateReceipt, then there is nothing to worry about

@hannesoid hannesoid changed the title IMPORTANT: Upcoming changes to the App Store receipt signing certificate [Resolved] Changes to the App Store receipt signing certificate Aug 29, 2023
@john-work-ios
Copy link
Author

Thank you, this is very clear. Much appreciated, same goes for your work! Cheers

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

2 participants