问题描述
在带有应用程序内购买的iOS中,有必要验证带有订阅的收据.是否还需要验证消耗品的收据?
in iOS with in-app purchases, it is necessary to verify receipts with subscriptions. is it necessary to verify receipts for consumables also?
推荐答案
必要,不需要.推荐,是的.
Necessary, no. Recommended, yes.
所有购买;消耗品,非消耗品和订阅易受欺诈性攻击.通常是通过漏洞攻击者或网络欺骗来实现的.验证收据可以缓解此问题.
All purchases; consumables, un-consumables and subscriptions are susceptible to fraudulent attacks. Often though iap crackers or network spoofing. Validating the receipt can mitigate this problem.
您可以在应用程序本地验证收据(请参见对收据进行本地验证),尽管它仍然易于破解.
You can validate the receipt locally in the app (see Validating Receipts Locally), though it is still susceptible to cracking.
防止欺诈的最安全方法是通过将收据发送到您的服务器然后将其发送到Apple来执行服务器端验证(请参阅通过App Store验证收据).
The safest way to prevent fraud is to perform server-side validation by sending the receipt to your server then sending it on to Apple (see Validating Receipts With the App Store).
但是,请勿在应用本身中的应用商店中验证收据.欺骗网络请求并返回肯定的(有效的)结果真的很容易.
However, do not validate the receipt with the app store in the app itself. It's really easy to spoof the network request and return a positive (valid) result.
如果您发现从Apple报告中的实际购买与应用程序内购买分析之间存在很大差异(假设您已拥有),则可能要投资于服务器端验证,否则,如果不是问题, ,不用担心.
If you notice a large discrepancy between the actual purchases in your reports from Apple and your in-app purchase analytics (assuming you have that), you may want to invest in server-side validation, otherwise, if it's not a problem, don't worry about it.
这篇关于iOS应用内购买可验证消耗品的收据的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!