Post

Replies

Boosts

Views

Activity

Reply to App Store Connect Shared Secret
Thanks a lot for the response PBK. Regarding your first point, do you know if there is any way to get an official response from Apple on matters such as this one? We would like to be completely sure on our decision here, given the sensitive nature / potential for abuse of in app purchases. But the secret could be used to hack the receipt validation process How would such a hack work? If the secret is only good for validating the receipt, then I assume the most the attacker could do is validate receipts on our behalf? Perhaps the attacker could send a large number of requests to Apple's API using our secret, leading Apple to rate-limit or cut-off our API access? Many thanks, Alex
Aug ’20