TN3138: Handling App Store receipt signing certificate changes

Ensure that your app’s local receipt validation is compatible with intermediate certificates that require using the SHA-256 algorithm.

View Technote TN3138 >

We were caught unawares of this change due to a game of ours that validates the receipts locally. We are submitting a fix, but I wanted to understand why we were unable to detect the change earlier :-

The Technote mentions that the certificates would change on :- Sandbox - June 20, 2023 TestFlight - August 16, 2023 App Store - August 16, 2023

  1. We released an update on 2nd Sept 2023 which was still using the SHA-1 algorithms. That did not fail ; was there a delay in rolling out the new certificate on App Store?

  2. Even today (23rd Sept), the Sandbox and Testflight builds of the game, which use the SHA-1 algorithm to validate the receipt locally, validate successfully. Is there any other criteria being used to return the SHA-1 256 certificates on Sandbox or Testflight? e.g. to only devices running on iOS 16.6 etc ?

TN3138: Handling App Store receipt signing certificate changes
 
 
Q