

How Apple badly messed up with in-app purchases on Lion and didn’t tell anyone - grayprog
http://gorban.org/post/10455358440/apple-messed-up-in-app-purchases

======
cmatthias
My honest opinion is that the only solution here is to pack up and leave
Apple's closed ecosystem, because they clearly don't care about their
developers. If you are continuing to do business with them you are sending
them a message that it's OK to continue to do this. If it's a Mac app, sell it
on your own website; if it's an iOS app, rewrite it for Android and sell it
there.

~~~
veyron
Easier said than done. How do you distribute apps to people outside the app
store?

~~~
w1ntermute
The same way you did before there was an app store - through your website. As
for Android, you can sell APKs through your site that people can sideload onto
their phones.

~~~
veyron
I thought the terms of service were changed so that you can't sell directly
...

How does it work? Do you just send ipa files that the user is expected to
import into iTunes?

~~~
kennywinker
Yes, but jailbreak is required.

~~~
veyron
Makes sense, but I thought w1ntermute was distributing using a non-JB channel.

~~~
nknight
There are mechanisms for sideloading to a limited number of devices. Those
mechanisms used to be trivially exploitable to authorize an infinite number of
devices, but AFAIK, Apple locked it down a lot more and blocked developers
that were doing it quite a while ago.

------
sambeau
I can't stand apps that appear free but require an in-app purchase to work
fully. It feels really dishonest to me.

Yuck.

~~~
AndyJPartridge
It's more about defeating dishonesty actually.

You can download the full version of apps for free very easily with a
jailbroken phone.

As a developer, by using in-app purchase you have a very good chance of
defeating that loophole.

~~~
pixelcloud
There is an in-app purchase cracker on Cydia now... Most apps don't actually
check to make sure you purchased the content.

~~~
kennywinker
Most iOS apps use a standard set of system calls to check if the item has been
purchased. I assume the hack works by patching the system calls to return YES
to all queries about in-app purchase items. That's how I would do it if I was
building something like that. There are no tokens or keys to validate... it's
just "hey system, is this paid for? okay!"

~~~
stottc
There's an option to do server-side receipt validation. That should prevent a
hack like that.

~~~
reitzensteinm
Also, checking for the purchase status of an item that can't be bought would
be a cheap and easy place to start.

Easy to get around with a custom crack, but it should actually be pretty
effective against a blanket 'just return yes' crack.
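
The two defenses suggested in the replies above (server-side receipt validation and a status check on an item that can't be bought), combined in one server-side decision function. This is an added example, not code from any commenter: the product IDs, the bundle ID and the keys of the verification result are assumptions, and the sample requests are constructed.

```python
# Added example, not code from the thread. Product IDs, the bundle ID and the
# shape of the verification result are assumptions made for illustration.
BUNDLE_ID = "com.example.app"        # hypothetical app identifier
SELLABLE = {"com.example.app.pro"}   # products that can actually be bought
CANARY = "com.example.app.canary"    # never offered for sale anywhere


class EntitlementService:
    def __init__(self):
        self.txn_owner = {}  # transaction_id -> account that first used it

    def decide(self, account, client_claims, verification):
        """Return (granted product IDs, reason) for one unlock request.

        client_claims: product IDs the on-device check reported as owned.
        verification:  result of the server's own receipt check with the
                       store (assumed keys: status, bundle_id, product_id,
                       transaction_id; status 0 means valid), or None.
        """
        # A "yes" for the canary means the on-device answer is being forced.
        if CANARY in client_claims:
            return set(), "canary product reported as purchased"
        if verification is None or verification.get("status") != 0:
            return set(), "no receipt accepted by the store"
        if verification.get("bundle_id") != BUNDLE_ID:
            return set(), "receipt belongs to another app"
        product = verification.get("product_id")
        txn = verification.get("transaction_id")
        if product not in SELLABLE or not txn:
            return set(), "receipt does not name a sellable product"
        # One receipt presented by two accounts is treated as a replay.
        if self.txn_owner.setdefault(txn, account) != account:
            return set(), "transaction already used by another account"
        # Grant only what the receipt proves, never what the client claims.
        return {product}, "ok"


def demo():
    # Constructed sample requests; "good" stands in for a verified receipt.
    svc = EntitlementService()
    good = {"status": 0, "bundle_id": BUNDLE_ID,
            "product_id": "com.example.app.pro", "transaction_id": "T-1001"}
    pro = {"com.example.app.pro"}
    return [
        svc.decide("alice", pro, good),             # real purchase
        svc.decide("alice", pro, good),             # restore, same account
        svc.decide("bob", pro, good),               # receipt shared around
        svc.decide("carol", pro | {CANARY}, None),  # blanket "yes" answers
        svc.decide("dave", pro, None),              # claim with no receipt
    ]
```
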

------
subpixel
Slightly OT: I notice that your apps are for sale both in the App Store and
through your own site.

I'd be interested in hearing about your experience maintaining your own
sales/fulfillment channel while also taking advantage of Apple's. What advice
would you give other developers?

Thanks

~~~
grayprog
Not sure I'd advise it to those starting out today, except for the following
cases:

1. You consider enterprise or other large sales, which are not comfortable
through Mac App Store.
2. You want to participate in bundles or other promotions. Technically, you
don't need a store for this but you need to create a version which can be
licensed outside of Mac App Store.

Personally, I started selling ImageFramer (my first Mac application) in 2006,
so we first had our own store and Mac App Store came second.

------
Arkid
Exactly the way Google treats customers when it messes up. Google, Apple and
all these big Silicon Valley companies suck at customer service.

~~~
innes
I remember Google having reported various problems with their app store in the
past, so the accusation is not valid, at least with respect to what we're
discussing here.

------
hitonagashi
I hit this with Pixelmator...I actually assumed it was their fault, and just
uninstalled it and reinstalled it again, after which it worked fine.

I'm on Snow Leopard still though, so might not just be a Lion problem.

~~~
grayprog
In-app purchases don't exist in Snow Leopard. I think it was some other
issue.

------
psychotik
I experienced something similar with the iOS in-app purchases but I did avoid
damage like bad reviews, etc. Details here:
[http://crazyviraj.blogspot.com/2011/08/dont-let-apples-laten...](http://crazyviraj.blogspot.com/2011/08/dont-let-apples-latency-mess-with-your.html)

------
alimbada
Expecting anything more than this from Apple is deluding yourself.

If they can't get fixes out for security holes until they're in imminent
danger of being in the spotlight (Pwn2Own - and that's only one example; Apple
are especially notorious for only fixing things when it affects their public
image), then expecting them to fix issues like this is extremely naive.

------
Jyaif
Also, it should be known that in the SDK terms of use, Apple warns that it's a
bad idea to tell the press when there's a problem, so developers are actually
afraid of publicly complaining about Apple...

------
joely
You could have tested your in-app-purchase, yourself, and minimized the
damage. #2020hindsight

~~~
grayprog
If you think we developers don't test in-app purchases before releasing, think
again.

It's one of the most critical parts of the user's experience and certainly
this is not a place where we'll just write code and ship without testing.

The problem is that it didn't happen for all transactions and appeared to work
for some users but not for others. Sometimes it worked for some user on one
machine but not on another.

And another developer who hit it with his app in testing didn't understand it
was Apple's issue. He created another test-user Apple ID and it worked then so
he supposed it was kind of a glitch related to his use of the previous test
Apple ID. Really, the last thing you'd think is that Apple has bugs in the
payment system.

