As part of ongoing efforts to improve security and privacy on Apple’s platforms, the App Store Receipt Signing Intermediate Certificate used to validate the sale of apps and related in-app purchases is being updated to use the SHA‑256 encryption algorithm. This update will be completed in several phases and new apps and app updates may be affected depending on how you verify receipts.
What is expected?
No action is required if your app authenticates App Store transactions using the AppTransaction and transaction APIs or a web service endpoint.
If your app verifies App Store receipts on the device, make sure your app supports the SHA-256 version of this certificate. New apps and app updates that do not support the SHA-256 version of this certificate will not be accepted by the App Store starting August 14, 2023.
Important dates
- On June 20, 2023, receipts in the sandbox will be signed with the SHA‑256 version of this certificate for devices running at least iOS 16.6, iPadOS 16.6, tvOS 16.6, watchOS 9.6, or macOS Ventura 13.5.
- August 14, 2023 Receipts and app updates in new apps and all apps entering the App Store and sandbox will be signed with a SHA‑256 intermediate certificate.
See TN3138: App Store Invoice Signing Certificate Change for more details.