Is original_transaction_id of non-consumable item unique and immutable value?

Hello


We are studying how to restore the user data of the application.

Do you have any suggestions?

We are now considering restoring user data using receipt of In-App Purchase.


Specifically, we are considering restoring user data by using the original_transaction_id of the receipt,

Is the value of the original_transaction_id of the receipt a unique value that does not overlap and is not changed?


For example, by model change etc., have users transitioning to terminals purchase free non-consumable items in advance.


Save the original_transaction_id of the receipt of the free non-consumable item as user data on the server.

The user installs the application on another terminal and restores purchase history.

When restoring, refer to the original_transaction_id of the receipt and the original_transaction_id of the application server's database to identify the user and restore the user data.


If the original_transaction_id of the receipt is unique and immutable value, I think whether it is possible to restore the user data by the above method, how is it?

I will be saved if you give me advice.

Replies

I believe it is unique* but this is certainly not the easiest or preferred way of doing what, I think, you want to do.


First, you want to restore data to a 'user'. What is a 'user'? (I think you will chose #4 or #5 below)

1) Is it anyone using a particular device?

2) Is it anyone using a particular device that is logged into a particular Apple ID on the App Store?

3) Is it anyone using any one of multiple devices that is logged into the same particular Apple ID on the App Store?

4) Is it anyone using a particular device that is logged into a particular Apple ID on the device?

5) Is it anyone using any one of multiple devices that is logged into the same particular Apple ID on the devices?


If you want to make it device specific (1 or 3 or 4) use either identifierForVendor or an entry in the keychain. The keychain survives deletion and reinstallation of the app but is more difficult then just using identifierForVendor.


If you want to make it related to the Apple ID on the device (4 or 5) then use the iCloud key-value file. It is specific to the user's Apple ID.


If you want to make it related to the Apple ID on the App Store (2 or 3) then you will need to do your IAP purchase and check the original_transaction_id.


* There is one condition in which it might not be unique. A user on a new device can repurchase an IAP a second time rather than restoreCompletedTransactions on that device. In that case the repurchase transaction used to be a new transaction with a new originalTransaction.transactionIdentifier. I believe that issue was resolved with the advent of the receipt and the receipt fields and now I believe that receipt for the IAP will reflect the original purchase whether it is restored or repurchased - but I am not certain about that.

thank you for your answer.


The user becomes 3.

As with automatic renewal subscription billing, with multiple devices related to AppleId

I want to be able to restore user data (such as profile information).


When re-purchasing the IAP again on another terminal, try checking whether the original_transaction_id has been changed.


identifierForVendor is an alphanumeric string that uniquely identifies the device to the vendor of the application. " It seems that it is different for multiple terminals.

Although keychain access is secure, it is not restored unless it is "encrypted and backed up". Most users do not "encrypt and back up".

identifierForVendor and Keychain are both specific for the device. Are you certain you wish to use the App Store ID and not the user’s Apple ID?

>As with automatic renewal subscription billing, with multiple devices related to AppleId

>I want to be able to restore user data (such as profile information).


Sorry, It was meaning to use receipt rather than directly using AppleID.

The answer to "user" of your first question may not have been accurate.

I am unfamiliar with English and I am using google translation.


In my application, after installing the application, I created a unique ID using uuidString in the application, posted it to the application server, and registered as a user.

If you uninstall the application and reinstall it, it becomes a new user.

Currently, users can not restore user data in the application.


Originally it was a specification that can restore user data even after uninstallation using keychain access,

It has been pointed out that there is a security problem from the client and it is now the specification.


However, there is also a desire to restore user data, and we are considering whether we can restore user data by using receipt.

You wrote: "In my application, after installing the application, I created a unique ID using uuidString in the application, posted it to the application server, and registered as a user. If you uninstall the application and reinstall it, it becomes a new user."


This will not happen if you store the UUID in the keychain. The contents of the keychain survive delting and reinstalling the app.


You wrote: using keychain access, It has been pointed out that there is a security problem


I am unaware of any security problem with the keychain. It is very secure.



----------------------

You are asking how to identify a particular user. There are the following ways to do that:


1) use the original_transaction_id in a receipt for an IAP. I think this is too complicated unless you have some other reason to purchase an IAP and verify its receipt.


2) use the identifierForVendor UUID or your own UUID. This works well but it is device specific. That means that a single user with two iPhones will appear to be two different users. It also means that two different people using one device will appear as one user. It also means that a person who deletes and then reinstalls the app will appear as a different user.


3) use your own UUID that you store in the key-value file on the iCloud Account of the user. If the user already has a UUID stored in their key-value iCloud file then that is a user who has already opened the app on a different device or opened the app on that device and then deleted and reinstalled it on that device. Because that user is using the same "Apple ID" they are accessing the same key-value file on the Cloud.


4) use your own UUID that you store in the device's keychain. This is exactly the same as #2 above but it if a person deletes and reinstalls the app they do not become a different user.