Hannes Oud

@xhruso00 thanks for your thorough investigations. I've tried to apply your adjustments in https://github.com/IdeasOnCanvas/AppReceiptValidator/pull/100, please have a look. I'm not sure how we would best proceed with merging that or...

https://github.com/IdeasOnCanvas/AppReceiptValidator/pull/93 should now have official fixed the issues, and is part of the tagged release `1.1.1`

The tests currently only cover sandbox vs production unofficial domains but not vpp with examples, but I can confirm the results from the screenshot you linked are correct with old...

I see, yeah, if you don't want to depend on this undocumented receipt field, then that's probably the way to go.

> I think option 3 with option 1 would be the best way to handle this. I just hope App review wouldn't object to having duplicate apps (with different business...

From [the link](https://developer.apple.com/news/?id=ytb7qj0x): > If you validate App Store receipts on device using the App Store receipt signing certificate, make sure you haven’t hardcoded the intermediate certificate and verify that...

It looks like this is only affecting the intermediate certificates, which are not pinned by AppReceiptValidator, so I wouldn't expect issues with those changes. To be sure we should wait...

We now unfortunately have cases where signature checks fail because of https://developer.apple.com/documentation/technotes/tn3138-handling-app-store-receipt-signing-certificate-changes Note: The appstore sandbox receipts (running mac debug builds) still return SHA1 signed receipts, so those are not...

#93 should now have official fixed the issues

@john-work-ios The general recommendation is to update `AppReceiptValidator` to version `>= 1.1.1` Details: - your app may be affected if, you call the `AppReceiptValidator`'s `validateReceipt` without customizations - Resolve the...