A key security feature of Apple’s in-app billing feature for iOS apps has been down since Thursday night, making it difficult for app developers to verify legitimate sales and leaving some of them worried they’re losing money.
Several developers have told Wired.com the verifyReceipt function, which ensures in-app purchases are valid, is showing an error whenever customers attempt to buy something through an app. Without verifyReceipt, faked purchase attempts could be made on iOS apps.
The problem started around 7:00 p.m. Pacific Time Thursday, according to several Tweets describing the problem, and had not been resolved by the time this story was posted. Apple has not responded to our requests for comment.
The Sandbox version of the site, used for testing, is up, but the URL used for real transactions shows a 404 error. With the page down, developers cannot verify that receipts are valid, and therefore can’t honor purchases because of the possibility the receipt has been forged.
The timing is especially problematic for developers because Friday is typically a busy day, said iOS developer Martin Nilsson. He estimates the problem has cost him between $900 and $1,500 in revenue. Nilsson’s app, a magazine aggregator called Paperton, is relatively new, and he feels the issue is particularly harmful because it could damage users’ trust of the app.
The iOS in-app purchasing feature is one of the best ways for iPhone and iPad developers to make money from their apps because it provides for continued revenue long past the initial app download. The function has been a cornerstone of Apple’s success in attracting developers to make apps for the platform. Apple’s App Store now boasts over half a million apps.
The in-app purchasing issue has recently come under fire for both iOS and Android developers with the aggressive actions of patent trolls like Lodsys. This summer, Apple also revamped its in-app purchasing policy regarding subscriptions.
With the verifyReceipt page out, Nilsson says he has had to develop a workaround to allow purchases to now go through. But Andrew Johnson, who develops an offline topographical maps iOS app, said the issue isn’t as critical.
“If this continued for an extended period, this would be problematic for anyone who’s using in-app purchases,” Johnson said. He said his revenue loss has been negligible because in-app purchasing isn’t a primary component of his product.
Nilsson noted that several applications that use in-app purchasing have not been affected. The inclusion of verifyReceipt is part of Apple’s In App Purchase Programming Guide, so this could mean that developers aren’t appropriately safeguarding against the possibility of forged receipts.
If you’re an iOS developer and the issue is affecting you, shoot us an email or sound off in the comments.
Image: m thierry/Flickr