I’m using the VerificationController provided by Raywenderlich in several of my apps, and it’s been fantastic. Totally reliable, easy to implement, and effective. It’s been live in three of my apps for several months each.
However, two days ago, all three apps suddenly stopped working properly. Every purchase is now being flagged as invalid without exception, both for my live users and for my own test accounts. I’ve made no changes to the apps or their backends; in fact, I’ve been moving apartments, so I literally haven’t touched them in a week or more. The change was instantaneous across all three apps, and I’ve understandably started getting complaints.
The problem seems to be in the checkReceiptSecurity() function (it’s always returning NO when it needs to return YES for valid transactions), but the code inside that function is beyond my ability to comprehend. I’m hoping someone has encountered something like this, or perhaps is even experiencing it now, and knows a solution?
As far as I can tell, it seems to be happening on the second of these lines (VerificationController.m line 158).
require(signature_length > offsetof(struct signature_blob, certificate), outLabel);
require(signature_blob_ptr->version == 2, outLabel);
certificate_len = ntohl(signature_blob_ptr->cert_len);
These are helpfully commented as “Make sure the signature blob is long enough to safely extract the version and cert_len fields, then perform a sanity check on the fields.” When it hits the signature_blob_ptr line, it suddenly jumps to the end of the function, which I assume means that it didn’t pass some sort of check.
Can anyone shed any light on what is happening? This is obviously devastating to my app portfolio, and I need to fix it immediately. I’ll disable the verification temporarily and release an update if I have to, but I’d like to find a fix for whatever has changed…
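An added diagnostic example, not part of the original post or of the VerificationController code: it performs the same length and version checks as the quoted require() lines but reports which one failed and the version byte actually seen, so a rejected receipt can be logged rather than failing silently. The struct layout (in particular the 128-byte signature field), the status names and the inspect_sample helper are assumptions made for this example, and the sample blobs are constructed.

```c
#include <arpa/inet.h>   /* ntohl, htonl */
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Assumed layout: the post names only version, cert_len and certificate;
   the 128-byte signature field is an assumption made for this example. */
struct signature_blob {
    uint8_t  version;
    uint8_t  signature[128];
    uint32_t cert_len;            /* network byte order */
    uint8_t  certificate[];
} __attribute__((packed));

enum blob_status { BLOB_OK, BLOB_TOO_SHORT, BLOB_BAD_VERSION, BLOB_CERT_OVERRUN };
struct blob_report { enum blob_status status; uint8_t version; uint32_t cert_len; };

/* Same checks as the quoted require() lines, but each failure is reported
   separately. Any status other than BLOB_OK still means "reject". */
struct blob_report inspect_signature_blob(const uint8_t *buf, size_t len,
                                          uint8_t expected_version)
{
    struct blob_report r = { BLOB_OK, 0, 0 };
    const size_t header = offsetof(struct signature_blob, certificate);
    uint32_t be_len;

    if (buf == NULL || len <= header) { r.status = BLOB_TOO_SHORT; return r; }
    r.version = buf[offsetof(struct signature_blob, version)];
    memcpy(&be_len, buf + offsetof(struct signature_blob, cert_len), sizeof be_len);
    r.cert_len = ntohl(be_len);
    if (r.version != expected_version) r.status = BLOB_BAD_VERSION;
    else if (r.cert_len > len - header) r.status = BLOB_CERT_OVERRUN;
    return r;
}

/* Builds a constructed (not real) blob of total_len bytes and inspects it. */
struct blob_report inspect_sample(uint8_t version, uint32_t cert_len, size_t total_len)
{
    static uint8_t buf[512];
    uint32_t be_len = htonl(cert_len);
    if (total_len > sizeof buf) total_len = sizeof buf;
    memset(buf, 0, sizeof buf);
    buf[0] = version;
    memcpy(buf + offsetof(struct signature_blob, cert_len), &be_len, sizeof be_len);
    return inspect_signature_blob(buf, total_len, 2);
}

int main(void) { return inspect_sample(2, 16, 149).status; }
```

Logging the reported version and status on the device or server shows whether receipts are being rejected for length or for an unexpected version value, without relaxing the check itself.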