All geek questions in one place

Is there a way to verify that the vendor identifier (IDFV) is valid?

Apple has a unique identifier called a vendor identifier (IDFV), discussed in this developer guide. http://possiblemobile.com/2013/04/unique-identifiers/

I thought it could be used with the Restful API, so only requests that have a valid IDFV will be accepted. But here is the problem: I do not know how to check IDFV. I could do this when the application is installed, it is registered with my service. But ideally, I could check this identifier.

+5
source share
2 answers

I just had a brainstorm: it's not all that simple, but what if you have a shopping app in an app where this IAP is at a free level. Have to research this more, but I think you can have a free type of purchase without ads. Then the client can send the purchase receipt (which is encrypted with iOS7) to the server side, and the server side can confirm this receipt - Apple does provide RESTful facilities for this. Thoughts? Of course, you can also do an IAP with a price> 0. This will give the application developer the ability to add a payment mechanism.

+1
source

I am not sure what the problem is. The app grabs the ForVendor ID and sends it to your server. What else could happen? Of course, you could encode the transfer so that it also sends a ForVendor identifier hash and some secret string (for example, "my secret 25671566") to verify that the transfer comes from your application.

You should also know that 1) the ForVendor ID will change if the application is uninstalled and reinstalled. 2) the keychain can solve problem No. 1 3) The application has a receipt, all applications do whether they purchased IAP. The receipt is encoded using the ForVendor identifier. You can send a receipt from the device along with your ForVendor ID and see if it can be decoded. But see paragraph 1 above.

+1
source

Source: https://habr.com/ru/post/1215916/

More articles:


All Articles