0 Replies Latest reply: Jan 9, 2013 3:45 AM by MarionMck
MarionMck Level 1 Level 1 (0 points)

How can I validate access to additional content downloaded via in-app purchasing when the device is offline?  A user should still be able to access those resources when offline.  In theory a hacker could copy an app's additional resources purchased legally, including the plist file, from one device to another and then access those resources on an offline device without a problem.

 

My initial thought was to encrypt with the user's apple id at purchase time, but I can't get access to it.  I can't use the device id, that prevents sharing over the cloud.  Just storing the transaction receipt is insufficient, that could be copied to the new device.

 

I know the problem would only occur for an offline device so perhaps it is not considered to be a major issue, but I would like to protect this additional content.  All the examples I've seen seem to assume a device will be online.

 

Would a plist file copied in this way from one device to another still be work?  If so, is there a recommended way to protect additional resources or am I being too paranoid?

 

Thanks in advance for any suggestions!