Local receipt validation in Swift doesn’t seem to be widely written about. I’ve been able to find snippets of code scattered across the Internet, but nothing that brought everything together in one spot so that I could wrap my head around the whole process.
I’ve been working on some code for a while, and this post is my attempt to bring it all together from start to finish.
I’ve written seven guides that will take you from preparing to test receipt validation, all the way through to working with the result of the receipt validation process to enable/disable features of your app.
Additionally, I’ve put all of my code into a new GitHub repository for you to use and learn from!
Just want the code? Here you go!
Seven guides taking you from start to finish
If you’re interested in learning about each step along the way, here are the seven guides I’ve written on the topic of local receipt validation in Swift:
- Preparing to Test Receipt Validation for iOS
- OpenSSL for iOS & Swift the Easy Way
- Loading a Receipt for Validation with Swift
- Extracting a PKCS7 Container for Receipt Validation with Swift
- Receipt Validation – Verifying a Receipt Signature in Swift
- Receipt Validation – Parse and Decode a Receipt with Swift
- Finalizing Receipt Validation in Swift – Computing a GUID Hash
Preventing software piracy is hard. The code presented in these guides and shared in the Git repository is not meant to protect you against unauthorized usage of your app or its features.
The guides and code are meant to be used for learning purposes, and perhaps as a starting point for implementing local receipt validation on your own. If you use this code as-is in your app, you do it at your own risk.
You must take additional efforts to obfuscate the code presented here to thwart an attacker’s attempt at circumventing the receipt validation logic contained within this repository.