Upcoming changes to the App Store receipt signing intermediate certificate

As part of ongoing efforts to improve security and privacy on Apple platforms, the App Store receipt signing intermediate certificate that’s used to verify the sale of apps and associated in‑app purchases is being updated to use the SHA‑256 cryptographic algorithm. This update will be completed in multiple phases and new apps and app updates may be impacted, depending on how they verify receipts.

What to expect

If your app verifies App Store transactions using the AppTransaction and Transaction APIs, or the verifyReceipt web service endpoint, no action is required.

If your app validates App Store receipts on device, make sure your app will support the SHA-256 version of this certificate. New apps and app updates that don’t support the SHA-256 version of this certificate will no longer be accepted by the App Store starting August 14, 2023.

Important dates

    n

  • June 20, 2023. Receipts in the sandbox environment will be signed with the SHA‑256 version of this certificate for devices running a minimum of iOS 16.6, iPadOS 16.6, tvOS 16.6, watchOS 9.6, or macOS Ventura 13.5.
  • n

  • August 14, 2023. Receipts in new apps and app updates submitted to the App Store, as well as all apps in sandbox, will be signed with the SHA‑256 intermediate certificate.
  • n

For more details, view TN3138: Handling App Store receipt signing certificate change.

Leave a Reply