Does generating app-specific shared secret invalidate master secret?

Hi there,

I'm getting ready to transfer my app, which requires my app to have an app-specific shared secret.

The app is currently live, and using the MASTER secret.

My question is:

If I generate the app-specific shared secret, will the live app still be able to use the MASTER secret, ie. until I can get an update out that uses the shared secret? I realize the app itself should not contain the secret, but in this case it does :S


thanks

tim

Answered by rkubota in 333890022

I did a quick test for a sandbox app. I created an app specific shared secret. Then I verified that I could validate the appStoreReceipt using either the app specific or the master shared secret.


rich kubota - rkubota@apple.com

developer technical support CoreOS/Hardware/MFI

I'd check with the AppStoreConnect folks as to the answer to this question. My suspicion is that either should work for the specific app, but I'd want to verify this with a test app to see if the master and app specific shared secret work to validate the appStoreReceipt.


rich kubota - rkubota@apple.com


developer technical support CoreOS/Hardware/MFI

Accepted Answer

I did a quick test for a sandbox app. I created an app specific shared secret. Then I verified that I could validate the appStoreReceipt using either the app specific or the master shared secret.


rich kubota - rkubota@apple.com

developer technical support CoreOS/Hardware/MFI

My thanks to both of you -- super awesome not to have to pull this lever without knowing if it means my app cannot be purchased anymore or not 🙂

Does the master shared secret ever stop working? Maybe once the app-specific secret is used on production? I'm asking since the documentation states the following: Note: Once an app uses an app-specific shared secret, it can no longer use the primary shared secret. App-specific shared secrets cannot be deleted, only regenerated.

Does generating app-specific shared secret invalidate master secret?
 
 
Q