My app requires a user account login before purchasing a subscription. It allows the account owner to create, edit and share content. I only have one subscription type & it’s required to create content. I will not allow family sharing of subscriptions. It’s important the content ownership is under the user account, this allows them to edit the content across platforms (Android, IOS, Web).
My question is regarding the Restore Purchases option required on IOS. I see two scenarios here:
Subscription is already associated with currently logged in user - no-op: I tell the user they’re already subscribed (the SDK Purchases object should already know that).
Subscription was created in user account A, and they’re logged into user account B.
For scenario 2, the only useful thing I could do is remove the content owned in account A and add it to account B. This could actually be useful for my app, if the user ever losses access to their original account A, I can tell them to create a new account B and use “Restore Purchases” to move their content to this new account.
In a sense this makes the users device account the parent of the app user account.
The only downside I can see is a nefarious actor grabbing the users phone and transferring their content into a new account, owned by the bad guy, however I believe there’s OS level security around the transfer (i.e. prompting).
Can you see any issues with doing this?
Best answer by jeffrey_bunn
Hi @jonathan-matthews-dd22fa! On the platform level, purchases are associated with the underlying Apple ID / Google Play ID. Also, all purchases made from an Apple ID within an app (regardless of the user ID within the app itself) are contained within a single receipt. This receipt is what RevenueCat uses to unlock entitlements.
For scenario 2, the only useful thing I could do is remove the content owned in account A and add it to account B. This could actually be useful for my app, if the user ever losses access to their original account A, I can tell them to create a new account B and use “Restore Purchases” to move their content to this new account.
If the user hits restore purchases in account B and you have our default transfer setting enabled, RevenueCat will automatically transfer the purchases to account B.
The only downside I can see is a nefarious actor grabbing the users phone and transferring their content into a new account, owned by the bad guy, however I believe there’s OS level security around the transfer (i.e. prompting).
In this scenario, all the original user would have to do is open the app and hit restore purchases again. As their Apple ID is the one that made the original purchase, restoring purchases will send the underlying receipt to RevenueCat and we will transfer the entitlements to the currently logged-in app user ID.
Let me know if I can clarify or if you have additional questions! I’m happy to help.
Hi @jonathan-matthews-dd22fa! On the platform level, purchases are associated with the underlying Apple ID / Google Play ID. Also, all purchases made from an Apple ID within an app (regardless of the user ID within the app itself) are contained within a single receipt. This receipt is what RevenueCat uses to unlock entitlements.
For scenario 2, the only useful thing I could do is remove the content owned in account A and add it to account B. This could actually be useful for my app, if the user ever losses access to their original account A, I can tell them to create a new account B and use “Restore Purchases” to move their content to this new account.
If the user hits restore purchases in account B and you have our default transfer setting enabled, RevenueCat will automatically transfer the purchases to account B.
The only downside I can see is a nefarious actor grabbing the users phone and transferring their content into a new account, owned by the bad guy, however I believe there’s OS level security around the transfer (i.e. prompting).
In this scenario, all the original user would have to do is open the app and hit restore purchases again. As their Apple ID is the one that made the original purchase, restoring purchases will send the underlying receipt to RevenueCat and we will transfer the entitlements to the currently logged-in app user ID.
Let me know if I can clarify or if you have additional questions! I’m happy to help.
We use 3 different kinds of cookies. You can choose which cookies you want to accept. We need basic cookies to make this site work, therefore these are the minimum you can select. Learn more about our cookies.
